Detecção de ataques DDoS flash crowd baseado na análise comportamental de usuários

Detalhes bibliográficos
Ano de defesa: 2017
Autor(a) principal: Jardim, Samuel Lautert
Orientador(a): Não Informado pela instituição
Banca de defesa: Não Informado pela instituição
Tipo de documento: Dissertação
Tipo de acesso: Acesso aberto
Idioma: por
Instituição de defesa: Universidade Federal de Santa Maria
Brasil
Ciência da Computação
UFSM
Programa de Pós-Graduação em Informática
Centro de Tecnologia
Programa de Pós-Graduação: Não Informado pela instituição
Departamento: Não Informado pela instituição
País: Não Informado pela instituição
Palavras-chave em Português:
Link de acesso: http://repositorio.ufsm.br/handle/1/13447
Resumo: The Internet has been target of attacks for several reasons, such as financial gratuities, cyber wars, among others. Distributed denial of service (DDoS) attacks stand out as a threat to the proper functioning of the Internet, and when present in application layer, such as DDoS mimic Flash Crowd, can serve as an alternative for botmasters to make their attacks even more undetectable. The main difficulty found in the identification of this attack is mainly due to the similarity with benign network traffic of the Flash Crowd type (outbreak of unexpected visits). Attack-detection tools need to differentiate a Flash Crowd traffic from a traffic with DDoS attack. Thus, the purpose of this work is to present a method capable of detecting DDoS mimic Flash Crowd attack, as well as distinguishing malicious users disguised as legitimate (human) users. This work proposes a method of detection based on the observation of the interactivity pattern in user requests, differentiating a human user from a bot (malicious program) by modeling the behavior through the interactivity rate, the number of requests and the time between them. The experiments demonstrate the effectiveness of the detection method, proving that the expected interactivity pattern can be applied as a detection mechanism.