Research Article

Enhanced Attack Resistance Scheme for App-Ddos Attacks using Bayes Optimal Filter Strategy

Published on July 2012 by A. Vince Paual, Anuranj P, K. Prasadh
Advanced Computing and Communication Technologies for HPC Applications
Foundation of Computer Science USA
ACCTHPCA - Number 2

A. Vince Paual, Anuranj P, K. Prasadh. Enhanced Attack Resistance Scheme for App-Ddos Attacks using Bayes Optimal Filter Strategy. Advanced Computing and Communication Technologies for HPC Applications. ACCTHPCA, 2 (July 2012), 14-18.

@article{
author = { A. Vince Paual, Anuranj P, K. Prasadh },
title = { Enhanced Attack Resistance Scheme for App-Ddos Attacks using Bayes Optimal Filter Strategy },
journal = { Advanced Computing and Communication Technologies for HPC Applications },
issue_date = { July 2012 },
volume = { ACCTHPCA },
number = { 2 },
month = { July },
year = { 2012 },
issn = { 0975-8887 },
pages = { 14-18 },
numpages = 5,
url = { /specialissues/accthpca/number2/7557-1011/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Special Issue Article
%1 Advanced Computing and Communication Technologies for HPC Applications
%A A. Vince Paual
%A Anuranj P
%A K. Prasadh
%T Enhanced Attack Resistance Scheme for App-Ddos Attacks using Bayes Optimal Filter Strategy
%J Advanced Computing and Communication Technologies for HPC Applications
%@ 0975-8887
%V ACCTHPCA
%N 2
%P 14-18
%D 2012
%I International Journal of Computer Applications
Abstract

Countering distributed denial of service (DDoS) attacks is becoming ever more challenging with the vast resources and techniques increasingly available to attackers. Derived from the low layers, new application-layer DDoS attacks that use legitimate HTTP requests to overwhelm victim resources are harder to detect. The situation may be more serious when such attacks mimic, or occur during, the flash crowd event of a popular website. The problem addressed in this project is sophisticated attacks that are protocol-compliant, non-intrusive, and use legitimate application-layer requests to overwhelm system resources. It characterizes application-layer resource attacks as request flooding, asymmetric, or repeated one-shot, on the basis of the application workload parameters that they exploit. The traffic characteristics of the low layers are not enough to distinguish App-DDoS attacks from a normal flash crowd event. In this paper, the proposed work introduces a Gaussian distribution factor to enhance the attack resistance scheme and achieve a better detection rate, even for stationary objects in application DDoS attacks. Attacks are detected using the Gaussian distribution of the traffic data of flash crowds surrounding the respective web sites. The proposed mechanisms thwart application DDoS attacks using a Bayes optimal filter strategy. Simulation results using Network Simulator prove that the attack resistance rate and delay are minimized, and hence the proposed scheme outperforms the existing scheme.

Index Terms

Computer Science
Information Sciences

Keywords

Application DDoS Attacks, Bayes Optimal Filter Strategy, Gaussian Distribution