Identifying HTTP DDoS Attacks Using Self Organizing Map and Fuzzy Logic in Internet Based Environments

  • T Raja Sree
  • S Mary Saira Bhanu
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 44)


The increasing usage of internet resources may lead to more cyber crimes in the network domain. Among the various kinds of attacks, HTTP flooding is one of the major threats to uninterrupted and efficient internet services that depletes the application layer. It is hard to find out the traces of this attack because the attacker deletes all possible traces in the network. Thus, the only possible way to find the attack is from the trace log file located in the server. This paper proposes a method using Self Organizing Map (SOM) and fuzzy association rule mining to identify the attack. SOM is used to isolate the unknown patterns and to identify the suspicious source. The attacks are identified using fuzzy association rule mining. The statistical test has been carried out to measure the significance of features to identify the legitimate or intrusive behavior.


Self organizing map Fuzzy association rule mining HTTP flood 


  1. 1.
  2. 2.
    Sebyala, A.A., Olukemi, T., Sacks, L., Sacks, D.L.: Active platform security through intrusion detection using naive bayesian network for anomaly detection. In: International Symposium on Communications, pp. 1–5. London (2002)Google Scholar
  3. 3.
    Oh, H., Chae, K.: Real-time intrusion detection system based on self-organized maps and feature correlations. In: 3rd International Conference on Convergence and Hybrid Information Technology ICCIT’08, vol. 2, pp. 1154–1158. IEEE Press, (2008)Google Scholar
  4. 4.
    Konar, A., Joshi, R.C.: An efficient intrusion detection system using clustering combined with fuzzy logic. In: Ranka, S., Banerjee, A., Biswas, K., Dua, S., Mishra, P., Moona, R., Poon, S.H., Wang, C.-L. (eds.) Contemporary Computing 2010, LNCS, vol. 94, pp. 218–228. Springer, Heidelberg (2010)Google Scholar
  5. 5.
    Byers, S., Rubin, A.D., Kormann, D.: Defending against an Internet-based attack on the physical world. ACM Trans. Internet Technol. (TOIT) 4(3), 239–254 (2004)CrossRefGoogle Scholar
  6. 6.
    Beitollahi, H., Deconinck, G.: Analyzing well-known countermeasures against distributed denial of service attacks. J. Comput. Commun. 35, 1312–1332 (2012)CrossRefGoogle Scholar
  7. 7.
    Bhuyan, M.H., Kashyap, H.J., Bhattacharyya, D.K., Kalita, J.K.: Detecting distributed denial of service attacks: methods, tools and future directions. J. Comput. 57, 537–556 (2014)CrossRefGoogle Scholar
  8. 8.
    Siaterlis, C., Maglaris, V.: Detecting incoming and outgoing DDoS attacks at the edge using a single set of network characteristics. In: 10th IEEE Symposium on Computers and Communications ISCC, pp. 469–475. IEEE Press (2005)Google Scholar
  9. 9.
    HTTP flood Attacks Danger and Security, Scholar
  10. 10.
    Yatagai, T., Isohara, T., Sasase, I.: Detection of HTTP-GET flood attack based on analysis of page access behavior. In: IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, pp. 232–235. IEEE Press (2007)Google Scholar
  11. 11.
    Pabarskaite, Z.: Enhancements of preprocessing, analysis and preparation techniques in web log mining. Vilnius Technikes, Vilnius (2009)Google Scholar
  12. 12.
    Kohonen, T.: Self-organized formation of topologically correct feature maps. J. Bio. cybern 43(1), 59–69 (1982)MathSciNetCrossRefMATHGoogle Scholar
  13. 13.
  14. 14.
    Dusan, S., Natalija, V., An, A.: Detection of malicious and non-malicious website visitors using unsupervised neural network learning. J. Appl. Soft Comput. 13, 698–708 (2013)CrossRefGoogle Scholar
  15. 15.
    Liao, N.: Network forensics based on fuzzy logic and expert system. J. Comput. Commun. 32, 1881–1892 (2009)CrossRefGoogle Scholar
  16. 16.
  17. 17.
    Ishibuchi, H., Yamamoto, T., Nakashima, T.: Determination of rule weights of fuzzy association rules. In: The 10th IEEE International Conference on Fuzzy Systems, vol. 3, pp. 1555–1558. IEEE Press (2001)Google Scholar
  18. 18.
  19. 19.
    OWASP HTTP GET DDoS attack. Scholar
  20. 20.
  21. 21.
    Gupta, S.C., Kapoor, V.K.: Elements of Mathematical Statistics, 3rd edn. (2003)Google Scholar

Copyright information

© Springer India 2016

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringNational Institute of TechnologyTiruchirappalliIndia

Personalised recommendations