Detecção de ataques DDoS flash crowd baseado na análise comportamental de usuários
| Ano de defesa: | 2017 |
|---|---|
| Autor(a) principal: | |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Dissertação |
| Tipo de acesso: | Acesso aberto |
| Idioma: | por |
| Instituição de defesa: |
Universidade Federal de Santa Maria
Brasil Ciência da Computação UFSM Programa de Pós-Graduação em Informática Centro de Tecnologia |
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | http://repositorio.ufsm.br/handle/1/13447 |
Resumo: | The Internet has been target of attacks for several reasons, such as financial gratuities, cyber wars, among others. Distributed denial of service (DDoS) attacks stand out as a threat to the proper functioning of the Internet, and when present in application layer, such as DDoS mimic Flash Crowd, can serve as an alternative for botmasters to make their attacks even more undetectable. The main difficulty found in the identification of this attack is mainly due to the similarity with benign network traffic of the Flash Crowd type (outbreak of unexpected visits). Attack-detection tools need to differentiate a Flash Crowd traffic from a traffic with DDoS attack. Thus, the purpose of this work is to present a method capable of detecting DDoS mimic Flash Crowd attack, as well as distinguishing malicious users disguised as legitimate (human) users. This work proposes a method of detection based on the observation of the interactivity pattern in user requests, differentiating a human user from a bot (malicious program) by modeling the behavior through the interactivity rate, the number of requests and the time between them. The experiments demonstrate the effectiveness of the detection method, proving that the expected interactivity pattern can be applied as a detection mechanism. |