Machine Learning

, Volume 104, Issue 2–3, pp 385–410

Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers


DOI: 10.1007/s10994-016-5581-9

Cite this article as:
Dick, U. & Scheffer, T. Mach Learn (2016) 104: 385. doi:10.1007/s10994-016-5581-9


We focus on the problem of detecting clients that attempt to exhaust server resources by flooding a service with protocol-compliant HTTP requests. Attacks are usually coordinated by an entity that controls many clients. Modeling the application as a structured-prediction problem allows the prediction model to jointly classify a multitude of clients based on their cohesion of otherwise inconspicuous features. Since the resulting output space is too vast to search exhaustively, we employ greedy search and techniques in which a parametric controller guides the search. We apply a known method that sequentially learns the controller and the structured-prediction model. We then derive an online policy-gradient method that finds the parameters of the controller and of the structured-prediction model in a joint optimization problem; we obtain a convergence guarantee for the latter method. We evaluate and compare the various methods based on a large collection of traffic data of a web-hosting service.

Funding information

Funder NameGrant NumberFunding Note
Deutsche Forschungsgemeinschaft
  • SCHE540/12-2

Copyright information

© The Author(s) 2016

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of PotsdamPotsdamGermany

Personalised recommendations