基于最大频繁序列模式挖掘的App-DDoS攻击的异常检测

为了动态、准确、高效地描述用户的访问行为，实现对不同应用层分布式拒绝服务(Application-layer Distributed Denial of Service, App-DDoS)攻击行为的透明检测，该文提出基于最大频繁序列模式挖掘的ADA_MFSP(App-DDoS Detection Algorithm based on Maximal Frequent Sequential Pattern mining)检测模型。该模型在对正常Web访问序列数据库(Web Access Sequence Database, WASD)及待检测WASD进行最大频繁序列模式挖掘的基础上，引入序列比对平均异常度，联合浏览时间平均异常度、请求循环平均异常度等有效检测属性，最终实现攻击行为的异常检测。实验证明：ADA_MFSP模型不仅能有效检测各类App-DDoS攻击，且有良好的检测灵敏度。

Detecting App-DDoS Attacks Based on Maximal Frequent Sequential Pattern Mining

In order to describe the users access behavior dynamically, efficiently and accurately, a novel detection model for Application-layer Distributed Denial of Service (App-DDoS) attack based on maximal frequent sequential pattern mining is proposed, named App-DDoS Detection Algorithm based on Maximal Frequent Sequential Pattern mining (ADA_MFSP). After mining maximal frequent sequential patterns of trained and detected Web Access Sequence Database (WASD), the model introduces sequence alignment, view time and request circulation abnormality to describe the behaviour of App-DDoS attacks, finally achieves the purpose of attack detection. It is proved with experiments that the ADA_MFSP model can not only detect kinds of App-DDoS attacks, but also has good detection sensitivity.