Table of Contents Author Guidelines Submit a Manuscript
Journal of Control Science and Engineering
Volume 2013 (2013), Article ID 821315, 6 pages
Research Article

Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis

School of Information Science and Engineering, Changzhou University, Changzhou 213164, China

Received 7 June 2013; Accepted 25 August 2013

Academic Editor: Xiaomei Qi

Copyright © 2013 Tongguang Ni et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion detection systems (IDS) nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM) classifier is applied to identify the attacks. The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively.