Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers View Full Text


Ontology type: schema:ScholarlyArticle      Open Access: True


Article Info

DATE

2016-09

AUTHORS

Uwe Dick, Tobias Scheffer

ABSTRACT

We focus on the problem of detecting clients that attempt to exhaust server resources by flooding a service with protocol-compliant HTTP requests. Attacks are usually coordinated by an entity that controls many clients. Modeling the application as a structured-prediction problem allows the prediction model to jointly classify a multitude of clients based on their cohesion of otherwise inconspicuous features. Since the resulting output space is too vast to search exhaustively, we employ greedy search and techniques in which a parametric controller guides the search. We apply a known method that sequentially learns the controller and the structured-prediction model. We then derive an online policy-gradient method that finds the parameters of the controller and of the structured-prediction model in a joint optimization problem; we obtain a convergence guarantee for the latter method. We evaluate and compare the various methods based on a large collection of traffic data of a web-hosting service. More... »

PAGES

385-410

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9

DOI

http://dx.doi.org/10.1007/s10994-016-5581-9

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1013750322


Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
Incoming Citations Browse incoming citations for this publication using opencitations.net

JSON-LD is the canonical representation for SciGraph data.

TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "University of Potsdam", 
          "id": "https://www.grid.ac/institutes/grid.11348.3f", 
          "name": [
            "Department of Computer Science, University of Potsdam, Potsdam, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Dick", 
        "givenName": "Uwe", 
        "id": "sg:person.013043521415.94", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013043521415.94"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Potsdam", 
          "id": "https://www.grid.ac/institutes/grid.11348.3f", 
          "name": [
            "Department of Computer Science, University of Potsdam, Potsdam, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Scheffer", 
        "givenName": "Tobias", 
        "id": "sg:person.0765615604.15", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.0765615604.15"
        ], 
        "type": "Person"
      }
    ], 
    "citation": [
      {
        "id": "https://doi.org/10.1145/2517312.2517316", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1003211375"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/s00778-006-0002-5", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1004343792", 
          "https://doi.org/10.1007/s00778-006-0002-5"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/s00778-006-0002-5", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1004343792", 
          "https://doi.org/10.1007/s00778-006-0002-5"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/1216370.1216373", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1008453551"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/1390156.1390195", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1018948353"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-540-89862-7_17", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1026896652", 
          "https://doi.org/10.1007/978-3-540-89862-7_17"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-540-89862-7_17", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1026896652", 
          "https://doi.org/10.1007/978-3-540-89862-7_17"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.eswa.2011.07.032", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1027977698"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.cose.2010.12.004", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1042379231"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.eswa.2012.07.009", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1042386109"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.neunet.2008.02.003", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1047445454"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.jnca.2005.06.003", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1053671311"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.jnca.2005.06.003", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1053671311"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/surv.2013.031413.00127", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1061446857"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/tnet.2008.923716", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1061715032"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1137/s0363012997331639", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1062881408"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/tssa.2011.6095400", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093756882"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/cnsr.2007.22", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093967230"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/infocom.2006.127", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1094040068"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.5121/csit.2012.2223", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1099443672"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1613/jair.3623", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1105689824"
        ], 
        "type": "CreativeWork"
      }
    ], 
    "datePublished": "2016-09", 
    "datePublishedReg": "2016-09-01", 
    "description": "We focus on the problem of detecting clients that attempt to exhaust server resources by flooding a service with protocol-compliant HTTP requests. Attacks are usually coordinated by an entity that controls many clients. Modeling the application as a structured-prediction problem allows the prediction model to jointly classify a multitude of clients based on their cohesion of otherwise inconspicuous features. Since the resulting output space is too vast to search exhaustively, we employ greedy search and techniques in which a parametric controller guides the search. We apply a known method that sequentially learns the controller and the structured-prediction model. We then derive an online policy-gradient method that finds the parameters of the controller and of the structured-prediction model in a joint optimization problem; we obtain a convergence guarantee for the latter method. We evaluate and compare the various methods based on a large collection of traffic data of a web-hosting service.", 
    "genre": "research_article", 
    "id": "sg:pub.10.1007/s10994-016-5581-9", 
    "inLanguage": [
      "en"
    ], 
    "isAccessibleForFree": true, 
    "isPartOf": [
      {
        "id": "sg:journal.1125588", 
        "issn": [
          "0885-6125", 
          "1573-0565"
        ], 
        "name": "Machine Learning", 
        "type": "Periodical"
      }, 
      {
        "issueNumber": "2-3", 
        "type": "PublicationIssue"
      }, 
      {
        "type": "PublicationVolume", 
        "volumeNumber": "104"
      }
    ], 
    "name": "Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers", 
    "pagination": "385-410", 
    "productId": [
      {
        "name": "readcube_id", 
        "type": "PropertyValue", 
        "value": [
          "4180fbe1662f9ba59f37322833a682254bafbaebeff765436bc2bef3fb266e9c"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/s10994-016-5581-9"
        ]
      }, 
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1013750322"
        ]
      }
    ], 
    "sameAs": [
      "https://doi.org/10.1007/s10994-016-5581-9", 
      "https://app.dimensions.ai/details/publication/pub.1013750322"
    ], 
    "sdDataset": "articles", 
    "sdDatePublished": "2019-04-11T12:20", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-uberresearch-data-dimensions-target-20181106-alternative/cleanup/v134/2549eaecd7973599484d7c17b260dba0a4ecb94b/merge/v9/a6c9fde33151104705d4d7ff012ea9563521a3ce/jats-lookup/v90/0000000362_0000000362/records_87078_00000000.jsonl", 
    "type": "ScholarlyArticle", 
    "url": "https://link.springer.com/10.1007%2Fs10994-016-5581-9"
  }
]
 

Download the RDF metadata as:  json-ld nt turtle xml License info

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'


 

This table displays all metadata directly associated to this object as RDF triples.

124 TRIPLES      21 PREDICATES      45 URIs      19 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/s10994-016-5581-9 schema:about anzsrc-for:08
2 anzsrc-for:0801
3 schema:author Nf8962e2b38ad4e0792c11aa771480026
4 schema:citation sg:pub.10.1007/978-3-540-89862-7_17
5 sg:pub.10.1007/s00778-006-0002-5
6 https://doi.org/10.1016/j.cose.2010.12.004
7 https://doi.org/10.1016/j.eswa.2011.07.032
8 https://doi.org/10.1016/j.eswa.2012.07.009
9 https://doi.org/10.1016/j.jnca.2005.06.003
10 https://doi.org/10.1016/j.neunet.2008.02.003
11 https://doi.org/10.1109/cnsr.2007.22
12 https://doi.org/10.1109/infocom.2006.127
13 https://doi.org/10.1109/surv.2013.031413.00127
14 https://doi.org/10.1109/tnet.2008.923716
15 https://doi.org/10.1109/tssa.2011.6095400
16 https://doi.org/10.1137/s0363012997331639
17 https://doi.org/10.1145/1216370.1216373
18 https://doi.org/10.1145/1390156.1390195
19 https://doi.org/10.1145/2517312.2517316
20 https://doi.org/10.1613/jair.3623
21 https://doi.org/10.5121/csit.2012.2223
22 schema:datePublished 2016-09
23 schema:datePublishedReg 2016-09-01
24 schema:description We focus on the problem of detecting clients that attempt to exhaust server resources by flooding a service with protocol-compliant HTTP requests. Attacks are usually coordinated by an entity that controls many clients. Modeling the application as a structured-prediction problem allows the prediction model to jointly classify a multitude of clients based on their cohesion of otherwise inconspicuous features. Since the resulting output space is too vast to search exhaustively, we employ greedy search and techniques in which a parametric controller guides the search. We apply a known method that sequentially learns the controller and the structured-prediction model. We then derive an online policy-gradient method that finds the parameters of the controller and of the structured-prediction model in a joint optimization problem; we obtain a convergence guarantee for the latter method. We evaluate and compare the various methods based on a large collection of traffic data of a web-hosting service.
25 schema:genre research_article
26 schema:inLanguage en
27 schema:isAccessibleForFree true
28 schema:isPartOf N52d3b38ec3234d9f816c5a4eb0ad7f91
29 N9613ea3c01f64f2f9b2311f2041ab92c
30 sg:journal.1125588
31 schema:name Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers
32 schema:pagination 385-410
33 schema:productId N1a3cc243573c46ec9e393c24fb4a143b
34 Nb31b4b96058549809dc5dc7fa4a70590
35 Ne325f0000b214222ab1f2edb31f1e0af
36 schema:sameAs https://app.dimensions.ai/details/publication/pub.1013750322
37 https://doi.org/10.1007/s10994-016-5581-9
38 schema:sdDatePublished 2019-04-11T12:20
39 schema:sdLicense https://scigraph.springernature.com/explorer/license/
40 schema:sdPublisher N0d5427ddc513402d9aecee5a141faa4b
41 schema:url https://link.springer.com/10.1007%2Fs10994-016-5581-9
42 sgo:license sg:explorer/license/
43 sgo:sdDataset articles
44 rdf:type schema:ScholarlyArticle
45 N0d5427ddc513402d9aecee5a141faa4b schema:name Springer Nature - SN SciGraph project
46 rdf:type schema:Organization
47 N1a3cc243573c46ec9e393c24fb4a143b schema:name dimensions_id
48 schema:value pub.1013750322
49 rdf:type schema:PropertyValue
50 N52d3b38ec3234d9f816c5a4eb0ad7f91 schema:volumeNumber 104
51 rdf:type schema:PublicationVolume
52 N7b835d083eac4beeb72af8669821fe96 rdf:first sg:person.0765615604.15
53 rdf:rest rdf:nil
54 N9613ea3c01f64f2f9b2311f2041ab92c schema:issueNumber 2-3
55 rdf:type schema:PublicationIssue
56 Nb31b4b96058549809dc5dc7fa4a70590 schema:name doi
57 schema:value 10.1007/s10994-016-5581-9
58 rdf:type schema:PropertyValue
59 Ne325f0000b214222ab1f2edb31f1e0af schema:name readcube_id
60 schema:value 4180fbe1662f9ba59f37322833a682254bafbaebeff765436bc2bef3fb266e9c
61 rdf:type schema:PropertyValue
62 Nf8962e2b38ad4e0792c11aa771480026 rdf:first sg:person.013043521415.94
63 rdf:rest N7b835d083eac4beeb72af8669821fe96
64 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
65 schema:name Information and Computing Sciences
66 rdf:type schema:DefinedTerm
67 anzsrc-for:0801 schema:inDefinedTermSet anzsrc-for:
68 schema:name Artificial Intelligence and Image Processing
69 rdf:type schema:DefinedTerm
70 sg:journal.1125588 schema:issn 0885-6125
71 1573-0565
72 schema:name Machine Learning
73 rdf:type schema:Periodical
74 sg:person.013043521415.94 schema:affiliation https://www.grid.ac/institutes/grid.11348.3f
75 schema:familyName Dick
76 schema:givenName Uwe
77 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013043521415.94
78 rdf:type schema:Person
79 sg:person.0765615604.15 schema:affiliation https://www.grid.ac/institutes/grid.11348.3f
80 schema:familyName Scheffer
81 schema:givenName Tobias
82 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.0765615604.15
83 rdf:type schema:Person
84 sg:pub.10.1007/978-3-540-89862-7_17 schema:sameAs https://app.dimensions.ai/details/publication/pub.1026896652
85 https://doi.org/10.1007/978-3-540-89862-7_17
86 rdf:type schema:CreativeWork
87 sg:pub.10.1007/s00778-006-0002-5 schema:sameAs https://app.dimensions.ai/details/publication/pub.1004343792
88 https://doi.org/10.1007/s00778-006-0002-5
89 rdf:type schema:CreativeWork
90 https://doi.org/10.1016/j.cose.2010.12.004 schema:sameAs https://app.dimensions.ai/details/publication/pub.1042379231
91 rdf:type schema:CreativeWork
92 https://doi.org/10.1016/j.eswa.2011.07.032 schema:sameAs https://app.dimensions.ai/details/publication/pub.1027977698
93 rdf:type schema:CreativeWork
94 https://doi.org/10.1016/j.eswa.2012.07.009 schema:sameAs https://app.dimensions.ai/details/publication/pub.1042386109
95 rdf:type schema:CreativeWork
96 https://doi.org/10.1016/j.jnca.2005.06.003 schema:sameAs https://app.dimensions.ai/details/publication/pub.1053671311
97 rdf:type schema:CreativeWork
98 https://doi.org/10.1016/j.neunet.2008.02.003 schema:sameAs https://app.dimensions.ai/details/publication/pub.1047445454
99 rdf:type schema:CreativeWork
100 https://doi.org/10.1109/cnsr.2007.22 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093967230
101 rdf:type schema:CreativeWork
102 https://doi.org/10.1109/infocom.2006.127 schema:sameAs https://app.dimensions.ai/details/publication/pub.1094040068
103 rdf:type schema:CreativeWork
104 https://doi.org/10.1109/surv.2013.031413.00127 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061446857
105 rdf:type schema:CreativeWork
106 https://doi.org/10.1109/tnet.2008.923716 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061715032
107 rdf:type schema:CreativeWork
108 https://doi.org/10.1109/tssa.2011.6095400 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093756882
109 rdf:type schema:CreativeWork
110 https://doi.org/10.1137/s0363012997331639 schema:sameAs https://app.dimensions.ai/details/publication/pub.1062881408
111 rdf:type schema:CreativeWork
112 https://doi.org/10.1145/1216370.1216373 schema:sameAs https://app.dimensions.ai/details/publication/pub.1008453551
113 rdf:type schema:CreativeWork
114 https://doi.org/10.1145/1390156.1390195 schema:sameAs https://app.dimensions.ai/details/publication/pub.1018948353
115 rdf:type schema:CreativeWork
116 https://doi.org/10.1145/2517312.2517316 schema:sameAs https://app.dimensions.ai/details/publication/pub.1003211375
117 rdf:type schema:CreativeWork
118 https://doi.org/10.1613/jair.3623 schema:sameAs https://app.dimensions.ai/details/publication/pub.1105689824
119 rdf:type schema:CreativeWork
120 https://doi.org/10.5121/csit.2012.2223 schema:sameAs https://app.dimensions.ai/details/publication/pub.1099443672
121 rdf:type schema:CreativeWork
122 https://www.grid.ac/institutes/grid.11348.3f schema:alternateName University of Potsdam
123 schema:name Department of Computer Science, University of Potsdam, Potsdam, Germany
124 rdf:type schema:Organization
 




Preview window. Press ESC to close (or click here)


...