You are here:   
  1. Home
  2. Articles
  3. http://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9

Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers View Full Text

Ontology type: schema:ScholarlyArticle      Open Access: True


Article Info

DATE

2016-09

AUTHORS

Uwe Dick, Tobias Scheffer

ABSTRACT

We focus on the problem of detecting clients that attempt to exhaust server resources by flooding a service with protocol-compliant HTTP requests. Attacks are usually coordinated by an entity that controls many clients. Modeling the application as a structured-prediction problem allows the prediction model to jointly classify a multitude of clients based on their cohesion of otherwise inconspicuous features. Since the resulting output space is too vast to search exhaustively, we employ greedy search and techniques in which a parametric controller guides the search. We apply a known method that sequentially learns the controller and the structured-prediction model. We then derive an online policy-gradient method that finds the parameters of the controller and of the structured-prediction model in a joint optimization problem; we obtain a convergence guarantee for the latter method. We evaluate and compare the various methods based on a large collection of traffic data of a web-hosting service. More... »

PAGES

385-410

References to SciGraph publications

  • 2008. Incorporation of Application Layer Protocol Syntax into Anomaly Detection in INFORMATION SYSTEMS SECURITY
  • 2007-10. A new intrusion detection system using support vector machines and hierarchical clustering in THE VLDB JOURNAL

    • Journal

    TITLE

    Machine Learning

    ISSUE

    2-3

    VOLUME

    104

    Subjects

  • FOR: Artificial Intelligence And Image Processing
  • FOR: Information And Computing Sciences

    • Author Affiliations

  • University of Potsdam

    • Identifiers

    URI

    http://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9

    DOI

    http://dx.doi.org/10.1007/s10994-016-5581-9

    DIMENSIONS

    https://app.dimensions.ai/details/publication/pub.1013750322

    Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
    Incoming Citations Browse incoming citations for this publication using opencitations.net

    JSON-LD is the canonical representation for SciGraph data.

    TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT 

    [
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "University of Potsdam", 
          "id": "https://www.grid.ac/institutes/grid.11348.3f", 
          "name": [
            "Department of Computer Science, University of Potsdam, Potsdam, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Dick", 
        "givenName": "Uwe", 
        "id": "sg:person.013043521415.94", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013043521415.94"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Potsdam", 
          "id": "https://www.grid.ac/institutes/grid.11348.3f", 
          "name": [
            "Department of Computer Science, University of Potsdam, Potsdam, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Scheffer", 
        "givenName": "Tobias", 
        "id": "sg:person.0765615604.15", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.0765615604.15"
        ], 
        "type": "Person"
      }
    ], 
    "citation": [
      {
        "id": "https://doi.org/10.1145/2517312.2517316", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1003211375"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/s00778-006-0002-5", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1004343792", 
          "https://doi.org/10.1007/s00778-006-0002-5"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/s00778-006-0002-5", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1004343792", 
          "https://doi.org/10.1007/s00778-006-0002-5"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/1216370.1216373", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1008453551"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/1390156.1390195", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1018948353"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-540-89862-7_17", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1026896652", 
          "https://doi.org/10.1007/978-3-540-89862-7_17"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-540-89862-7_17", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1026896652", 
          "https://doi.org/10.1007/978-3-540-89862-7_17"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.eswa.2011.07.032", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1027977698"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.cose.2010.12.004", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1042379231"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.eswa.2012.07.009", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1042386109"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.neunet.2008.02.003", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1047445454"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.jnca.2005.06.003", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1053671311"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.jnca.2005.06.003", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1053671311"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/surv.2013.031413.00127", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1061446857"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/tnet.2008.923716", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1061715032"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1137/s0363012997331639", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1062881408"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/tssa.2011.6095400", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093756882"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/cnsr.2007.22", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093967230"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/infocom.2006.127", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1094040068"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.5121/csit.2012.2223", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1099443672"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1613/jair.3623", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1105689824"
        ], 
        "type": "CreativeWork"
      }
    ], 
    "datePublished": "2016-09", 
    "datePublishedReg": "2016-09-01", 
    "description": "We focus on the problem of detecting clients that attempt to exhaust server resources by flooding a service with protocol-compliant HTTP requests. Attacks are usually coordinated by an entity that controls many clients. Modeling the application as a structured-prediction problem allows the prediction model to jointly classify a multitude of clients based on their cohesion of otherwise inconspicuous features. Since the resulting output space is too vast to search exhaustively, we employ greedy search and techniques in which a parametric controller guides the search. We apply a known method that sequentially learns the controller and the structured-prediction model. We then derive an online policy-gradient method that finds the parameters of the controller and of the structured-prediction model in a joint optimization problem; we obtain a convergence guarantee for the latter method. We evaluate and compare the various methods based on a large collection of traffic data of a web-hosting service.", 
    "genre": "research_article", 
    "id": "sg:pub.10.1007/s10994-016-5581-9", 
    "inLanguage": [
      "en"
    ], 
    "isAccessibleForFree": true, 
    "isPartOf": [
      {
        "id": "sg:journal.1125588", 
        "issn": [
          "0885-6125", 
          "1573-0565"
        ], 
        "name": "Machine Learning", 
        "type": "Periodical"
      }, 
      {
        "issueNumber": "2-3", 
        "type": "PublicationIssue"
      }, 
      {
        "type": "PublicationVolume", 
        "volumeNumber": "104"
      }
    ], 
    "name": "Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers", 
    "pagination": "385-410", 
    "productId": [
      {
        "name": "readcube_id", 
        "type": "PropertyValue", 
        "value": [
          "4180fbe1662f9ba59f37322833a682254bafbaebeff765436bc2bef3fb266e9c"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/s10994-016-5581-9"
        ]
      }, 
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1013750322"
        ]
      }
    ], 
    "sameAs": [
      "https://doi.org/10.1007/s10994-016-5581-9", 
      "https://app.dimensions.ai/details/publication/pub.1013750322"
    ], 
    "sdDataset": "articles", 
    "sdDatePublished": "2019-04-11T12:20", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-uberresearch-data-dimensions-target-20181106-alternative/cleanup/v134/2549eaecd7973599484d7c17b260dba0a4ecb94b/merge/v9/a6c9fde33151104705d4d7ff012ea9563521a3ce/jats-lookup/v90/0000000362_0000000362/records_87078_00000000.jsonl", 
    "type": "ScholarlyArticle", 
    "url": "https://link.springer.com/10.1007%2Fs10994-016-5581-9"
  }
]
     

    Download the RDF metadata as:  json-ld nt turtle xml License info

    HOW TO GET THIS DATA PROGRAMMATICALLY:

    JSON-LD is a popular format for linked data which is fully compatible with JSON. 

    curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'

    N-Triples is a line-based linked data format ideal for batch operations. 

    curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'

    Turtle is a human-readable linked data format. 

    curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'

    RDF/XML is a standard XML format for linked data. 

    curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'


     

    This table displays all metadata directly associated to this object as RDF triples.

    124 TRIPLES      21 PREDICATES      45 URIs      19 LITERALS      7 BLANK NODES

    Subject Predicate Object
    1 sg:pub.10.1007/s10994-016-5581-9 schema:about anzsrc-for:08
    2 anzsrc-for:0801
    3 schema:author Nf8962e2b38ad4e0792c11aa771480026
    4 schema:citation sg:pub.10.1007/978-3-540-89862-7_17
    5 sg:pub.10.1007/s00778-006-0002-5
    6 https://doi.org/10.1016/j.cose.2010.12.004
    7 https://doi.org/10.1016/j.eswa.2011.07.032
    8 https://doi.org/10.1016/j.eswa.2012.07.009
    9 https://doi.org/10.1016/j.jnca.2005.06.003
    10 https://doi.org/10.1016/j.neunet.2008.02.003
    11 https://doi.org/10.1109/cnsr.2007.22
    12 https://doi.org/10.1109/infocom.2006.127
    13 https://doi.org/10.1109/surv.2013.031413.00127
    14 https://doi.org/10.1109/tnet.2008.923716
    15 https://doi.org/10.1109/tssa.2011.6095400
    16 https://doi.org/10.1137/s0363012997331639
    17 https://doi.org/10.1145/1216370.1216373
    18 https://doi.org/10.1145/1390156.1390195
    19 https://doi.org/10.1145/2517312.2517316
    20 https://doi.org/10.1613/jair.3623
    21 https://doi.org/10.5121/csit.2012.2223
    22 schema:datePublished 2016-09
    23 schema:datePublishedReg 2016-09-01
    24 schema:description We focus on the problem of detecting clients that attempt to exhaust server resources by flooding a service with protocol-compliant HTTP requests. Attacks are usually coordinated by an entity that controls many clients. Modeling the application as a structured-prediction problem allows the prediction model to jointly classify a multitude of clients based on their cohesion of otherwise inconspicuous features. Since the resulting output space is too vast to search exhaustively, we employ greedy search and techniques in which a parametric controller guides the search. We apply a known method that sequentially learns the controller and the structured-prediction model. We then derive an online policy-gradient method that finds the parameters of the controller and of the structured-prediction model in a joint optimization problem; we obtain a convergence guarantee for the latter method. We evaluate and compare the various methods based on a large collection of traffic data of a web-hosting service.
    25 schema:genre research_article
    26 schema:inLanguage en
    27 schema:isAccessibleForFree true
    28 schema:isPartOf N52d3b38ec3234d9f816c5a4eb0ad7f91
    29 N9613ea3c01f64f2f9b2311f2041ab92c
    30 sg:journal.1125588
    31 schema:name Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers
    32 schema:pagination 385-410
    33 schema:productId N1a3cc243573c46ec9e393c24fb4a143b
    34 Nb31b4b96058549809dc5dc7fa4a70590
    35 Ne325f0000b214222ab1f2edb31f1e0af
    36 schema:sameAs https://app.dimensions.ai/details/publication/pub.1013750322
    37 https://doi.org/10.1007/s10994-016-5581-9
    38 schema:sdDatePublished 2019-04-11T12:20
    39 schema:sdLicense https://scigraph.springernature.com/explorer/license/
    40 schema:sdPublisher N0d5427ddc513402d9aecee5a141faa4b
    41 schema:url https://link.springer.com/10.1007%2Fs10994-016-5581-9
    42 sgo:license sg:explorer/license/
    43 sgo:sdDataset articles
    44 rdf:type schema:ScholarlyArticle
    45 N0d5427ddc513402d9aecee5a141faa4b schema:name Springer Nature - SN SciGraph project
    46 rdf:type schema:Organization
    47 N1a3cc243573c46ec9e393c24fb4a143b schema:name dimensions_id
    48 schema:value pub.1013750322
    49 rdf:type schema:PropertyValue
    50 N52d3b38ec3234d9f816c5a4eb0ad7f91 schema:volumeNumber 104
    51 rdf:type schema:PublicationVolume
    52 N7b835d083eac4beeb72af8669821fe96 rdf:first sg:person.0765615604.15
    53 rdf:rest rdf:nil
    54 N9613ea3c01f64f2f9b2311f2041ab92c schema:issueNumber 2-3
    55 rdf:type schema:PublicationIssue
    56 Nb31b4b96058549809dc5dc7fa4a70590 schema:name doi
    57 schema:value 10.1007/s10994-016-5581-9
    58 rdf:type schema:PropertyValue
    59 Ne325f0000b214222ab1f2edb31f1e0af schema:name readcube_id
    60 schema:value 4180fbe1662f9ba59f37322833a682254bafbaebeff765436bc2bef3fb266e9c
    61 rdf:type schema:PropertyValue
    62 Nf8962e2b38ad4e0792c11aa771480026 rdf:first sg:person.013043521415.94
    63 rdf:rest N7b835d083eac4beeb72af8669821fe96
    64 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
    65 schema:name Information and Computing Sciences
    66 rdf:type schema:DefinedTerm
    67 anzsrc-for:0801 schema:inDefinedTermSet anzsrc-for:
    68 schema:name Artificial Intelligence and Image Processing
    69 rdf:type schema:DefinedTerm
    70 sg:journal.1125588 schema:issn 0885-6125
    71 1573-0565
    72 schema:name Machine Learning
    73 rdf:type schema:Periodical
    74 sg:person.013043521415.94 schema:affiliation https://www.grid.ac/institutes/grid.11348.3f
    75 schema:familyName Dick
    76 schema:givenName Uwe
    77 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013043521415.94
    78 rdf:type schema:Person
    79 sg:person.0765615604.15 schema:affiliation https://www.grid.ac/institutes/grid.11348.3f
    80 schema:familyName Scheffer
    81 schema:givenName Tobias
    82 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.0765615604.15
    83 rdf:type schema:Person
    84 sg:pub.10.1007/978-3-540-89862-7_17 schema:sameAs https://app.dimensions.ai/details/publication/pub.1026896652
    85 https://doi.org/10.1007/978-3-540-89862-7_17
    86 rdf:type schema:CreativeWork
    87 sg:pub.10.1007/s00778-006-0002-5 schema:sameAs https://app.dimensions.ai/details/publication/pub.1004343792
    88 https://doi.org/10.1007/s00778-006-0002-5
    89 rdf:type schema:CreativeWork
    90 https://doi.org/10.1016/j.cose.2010.12.004 schema:sameAs https://app.dimensions.ai/details/publication/pub.1042379231
    91 rdf:type schema:CreativeWork
    92 https://doi.org/10.1016/j.eswa.2011.07.032 schema:sameAs https://app.dimensions.ai/details/publication/pub.1027977698
    93 rdf:type schema:CreativeWork
    94 https://doi.org/10.1016/j.eswa.2012.07.009 schema:sameAs https://app.dimensions.ai/details/publication/pub.1042386109
    95 rdf:type schema:CreativeWork
    96 https://doi.org/10.1016/j.jnca.2005.06.003 schema:sameAs https://app.dimensions.ai/details/publication/pub.1053671311
    97 rdf:type schema:CreativeWork
    98 https://doi.org/10.1016/j.neunet.2008.02.003 schema:sameAs https://app.dimensions.ai/details/publication/pub.1047445454
    99 rdf:type schema:CreativeWork
    100 https://doi.org/10.1109/cnsr.2007.22 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093967230
    101 rdf:type schema:CreativeWork
    102 https://doi.org/10.1109/infocom.2006.127 schema:sameAs https://app.dimensions.ai/details/publication/pub.1094040068
    103 rdf:type schema:CreativeWork
    104 https://doi.org/10.1109/surv.2013.031413.00127 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061446857
    105 rdf:type schema:CreativeWork
    106 https://doi.org/10.1109/tnet.2008.923716 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061715032
    107 rdf:type schema:CreativeWork
    108 https://doi.org/10.1109/tssa.2011.6095400 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093756882
    109 rdf:type schema:CreativeWork
    110 https://doi.org/10.1137/s0363012997331639 schema:sameAs https://app.dimensions.ai/details/publication/pub.1062881408
    111 rdf:type schema:CreativeWork
    112 https://doi.org/10.1145/1216370.1216373 schema:sameAs https://app.dimensions.ai/details/publication/pub.1008453551
    113 rdf:type schema:CreativeWork
    114 https://doi.org/10.1145/1390156.1390195 schema:sameAs https://app.dimensions.ai/details/publication/pub.1018948353
    115 rdf:type schema:CreativeWork
    116 https://doi.org/10.1145/2517312.2517316 schema:sameAs https://app.dimensions.ai/details/publication/pub.1003211375
    117 rdf:type schema:CreativeWork
    118 https://doi.org/10.1613/jair.3623 schema:sameAs https://app.dimensions.ai/details/publication/pub.1105689824
    119 rdf:type schema:CreativeWork
    120 https://doi.org/10.5121/csit.2012.2223 schema:sameAs https://app.dimensions.ai/details/publication/pub.1099443672
    121 rdf:type schema:CreativeWork
    122 https://www.grid.ac/institutes/grid.11348.3f schema:alternateName University of Potsdam
    123 schema:name Department of Computer Science, University of Potsdam, Potsdam, Germany
    124 rdf:type schema:Organization
     




    Preview window. Press ESC to close (or click here)

    ...