The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
The underflow problem of the forward-backward algorithm is a crucial issue for implementation of Hidden semi-Markov models (HsMM). A widely used solution is to scale up the forward and backward variables at each time step. We demonstrate the conventional scaling approach is not robust with several examples, then propose an improved scaling approach which is warranted to be robust and applicable to...
A new two-layer hidden Markov model is proposed to describe the arrival rate process of Web traffic. The macro state process of the first underlying layer is used to describe the large-scale trends of network traffic. The sub-state process of the second underlying layer is used to describe the small-scale fluctuations that are happening during the duration of a given macro state. Experiments are implemented...
This paper is focused on a new type sneaky HTTP attack which has no obvious anomaly characteristics. A new light-weight anomaly detection scheme is introduced for large-scale Web sites whose workload is much heavier and more bursty than the general Web sites. Based on stack distance values of HTTP requests, an improved event-driven hidden semi-Markov model is applied to describe the stochastic process...
Workload of a Web server is a complicated stochastic process with non-stationary properties. Userspsila access to Websites is governed by the activities of their daily life. Workload of servers has significant periodicities that reflect daily, weekly and seasonally effect of userspsila access. In this paper, we present a periodic hidden Markov model to characterize the stochastic behavior and the...
This paper presents a method of clustering Web request bursts. We purpose a parametric hidden semi-Markov model (HSMM) to describe the process of request bursts. We also use an HSMM-based clustering method to cluster different uses' sequences of request bursts and give the experiment results to validate our methods
It is difficult for the existing anomaly detection methods to distinguish the burst of normal traffic from the anomalous traffic in a large-scale Web site. This paper uses hidden semi-Markov model to describe the browsing behaviors of Web users. An efficient recursive algorithm for this model is presented for the online implementation of model update, which is used to track the Web users' browsing...
HTTP flooding is an attack that uses enormous useless packets to jam a Web server. In this paper, we use hidden semi-Markov models (HSMM) to describe Web-browsing patterns and detect HTTP flooding attacks. We first use a large number of legitimate request sequences to train an HSMM model and then use this legitimate model to check each incoming request sequence. Abnormal Web traffic whose likelihood...
In this paper, we present a Web robot detection approach based on hidden Markov model (HMM). We use an HMM to describe robot access pattern and then detect robot based on the access model. We also test our idea with real data
Countering distributed denial of service (DDoS) attacks is becoming ever more challenging with the vast resources and techniques increasingly available to attackers. DDoS attacks are typically carried out at the network layer. However, there is evidence to suggest that application layer DDoS attacks can be more effective than the traditional ones. In this paper, we consider sophisticated attacks that...
Location or mobility information of nodes, GPS information, load, link change rate, and routing information, etc., have been used for security purposes for wireless networks, such as intrusion detection in ad hoc networks. However, existing intrusion detection approaches usually focus on one of the aspects of nodes to detect statistical anomaly or malicious signatures. In this paper, a new model is...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.