Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers View Full Text


Ontology type: schema:ScholarlyArticle      Open Access: True


Article Info

DATE

2016-09

AUTHORS

Uwe Dick, Tobias Scheffer

ABSTRACT

We focus on the problem of detecting clients that attempt to exhaust server resources by flooding a service with protocol-compliant HTTP requests. Attacks are usually coordinated by an entity that controls many clients. Modeling the application as a structured-prediction problem allows the prediction model to jointly classify a multitude of clients based on their cohesion of otherwise inconspicuous features. Since the resulting output space is too vast to search exhaustively, we employ greedy search and techniques in which a parametric controller guides the search. We apply a known method that sequentially learns the controller and the structured-prediction model. We then derive an online policy-gradient method that finds the parameters of the controller and of the structured-prediction model in a joint optimization problem; we obtain a convergence guarantee for the latter method. We evaluate and compare the various methods based on a large collection of traffic data of a web-hosting service. More... »

PAGES

385-410

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9

DOI

http://dx.doi.org/10.1007/s10994-016-5581-9

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1013750322


Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
Incoming Citations Browse incoming citations for this publication using opencitations.net

JSON-LD is the canonical representation for SciGraph data.

TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "University of Potsdam", 
          "id": "https://www.grid.ac/institutes/grid.11348.3f", 
          "name": [
            "Department of Computer Science, University of Potsdam, Potsdam, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Dick", 
        "givenName": "Uwe", 
        "id": "sg:person.013043521415.94", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013043521415.94"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of Potsdam", 
          "id": "https://www.grid.ac/institutes/grid.11348.3f", 
          "name": [
            "Department of Computer Science, University of Potsdam, Potsdam, Germany"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Scheffer", 
        "givenName": "Tobias", 
        "id": "sg:person.0765615604.15", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.0765615604.15"
        ], 
        "type": "Person"
      }
    ], 
    "citation": [
      {
        "id": "https://doi.org/10.1145/2517312.2517316", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1003211375"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/s00778-006-0002-5", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1004343792", 
          "https://doi.org/10.1007/s00778-006-0002-5"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/s00778-006-0002-5", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1004343792", 
          "https://doi.org/10.1007/s00778-006-0002-5"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/1216370.1216373", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1008453551"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/1390156.1390195", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1018948353"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-540-89862-7_17", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1026896652", 
          "https://doi.org/10.1007/978-3-540-89862-7_17"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-540-89862-7_17", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1026896652", 
          "https://doi.org/10.1007/978-3-540-89862-7_17"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.eswa.2011.07.032", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1027977698"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.cose.2010.12.004", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1042379231"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.eswa.2012.07.009", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1042386109"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.neunet.2008.02.003", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1047445454"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.jnca.2005.06.003", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1053671311"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.jnca.2005.06.003", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1053671311"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/surv.2013.031413.00127", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1061446857"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/tnet.2008.923716", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1061715032"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1137/s0363012997331639", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1062881408"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/tssa.2011.6095400", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093756882"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/cnsr.2007.22", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093967230"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/infocom.2006.127", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1094040068"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.5121/csit.2012.2223", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1099443672"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1613/jair.3623", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1105689824"
        ], 
        "type": "CreativeWork"
      }
    ], 
    "datePublished": "2016-09", 
    "datePublishedReg": "2016-09-01", 
    "description": "We focus on the problem of detecting clients that attempt to exhaust server resources by flooding a service with protocol-compliant HTTP requests. Attacks are usually coordinated by an entity that controls many clients. Modeling the application as a structured-prediction problem allows the prediction model to jointly classify a multitude of clients based on their cohesion of otherwise inconspicuous features. Since the resulting output space is too vast to search exhaustively, we employ greedy search and techniques in which a parametric controller guides the search. We apply a known method that sequentially learns the controller and the structured-prediction model. We then derive an online policy-gradient method that finds the parameters of the controller and of the structured-prediction model in a joint optimization problem; we obtain a convergence guarantee for the latter method. We evaluate and compare the various methods based on a large collection of traffic data of a web-hosting service.", 
    "genre": "research_article", 
    "id": "sg:pub.10.1007/s10994-016-5581-9", 
    "inLanguage": [
      "en"
    ], 
    "isAccessibleForFree": true, 
    "isPartOf": [
      {
        "id": "sg:journal.1125588", 
        "issn": [
          "0885-6125", 
          "1573-0565"
        ], 
        "name": "Machine Learning", 
        "type": "Periodical"
      }, 
      {
        "issueNumber": "2-3", 
        "type": "PublicationIssue"
      }, 
      {
        "type": "PublicationVolume", 
        "volumeNumber": "104"
      }
    ], 
    "name": "Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers", 
    "pagination": "385-410", 
    "productId": [
      {
        "name": "readcube_id", 
        "type": "PropertyValue", 
        "value": [
          "4180fbe1662f9ba59f37322833a682254bafbaebeff765436bc2bef3fb266e9c"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/s10994-016-5581-9"
        ]
      }, 
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1013750322"
        ]
      }
    ], 
    "sameAs": [
      "https://doi.org/10.1007/s10994-016-5581-9", 
      "https://app.dimensions.ai/details/publication/pub.1013750322"
    ], 
    "sdDataset": "articles", 
    "sdDatePublished": "2019-04-11T12:20", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-uberresearch-data-dimensions-target-20181106-alternative/cleanup/v134/2549eaecd7973599484d7c17b260dba0a4ecb94b/merge/v9/a6c9fde33151104705d4d7ff012ea9563521a3ce/jats-lookup/v90/0000000362_0000000362/records_87078_00000000.jsonl", 
    "type": "ScholarlyArticle", 
    "url": "https://link.springer.com/10.1007%2Fs10994-016-5581-9"
  }
]
 

Download the RDF metadata as:  json-ld nt turtle xml License info

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/s10994-016-5581-9'


 

This table displays all metadata directly associated to this object as RDF triples.

124 TRIPLES      21 PREDICATES      45 URIs      19 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/s10994-016-5581-9 schema:about anzsrc-for:08
2 anzsrc-for:0801
3 schema:author N6bee68d8e73740c39ec30381dc93d06f
4 schema:citation sg:pub.10.1007/978-3-540-89862-7_17
5 sg:pub.10.1007/s00778-006-0002-5
6 https://doi.org/10.1016/j.cose.2010.12.004
7 https://doi.org/10.1016/j.eswa.2011.07.032
8 https://doi.org/10.1016/j.eswa.2012.07.009
9 https://doi.org/10.1016/j.jnca.2005.06.003
10 https://doi.org/10.1016/j.neunet.2008.02.003
11 https://doi.org/10.1109/cnsr.2007.22
12 https://doi.org/10.1109/infocom.2006.127
13 https://doi.org/10.1109/surv.2013.031413.00127
14 https://doi.org/10.1109/tnet.2008.923716
15 https://doi.org/10.1109/tssa.2011.6095400
16 https://doi.org/10.1137/s0363012997331639
17 https://doi.org/10.1145/1216370.1216373
18 https://doi.org/10.1145/1390156.1390195
19 https://doi.org/10.1145/2517312.2517316
20 https://doi.org/10.1613/jair.3623
21 https://doi.org/10.5121/csit.2012.2223
22 schema:datePublished 2016-09
23 schema:datePublishedReg 2016-09-01
24 schema:description We focus on the problem of detecting clients that attempt to exhaust server resources by flooding a service with protocol-compliant HTTP requests. Attacks are usually coordinated by an entity that controls many clients. Modeling the application as a structured-prediction problem allows the prediction model to jointly classify a multitude of clients based on their cohesion of otherwise inconspicuous features. Since the resulting output space is too vast to search exhaustively, we employ greedy search and techniques in which a parametric controller guides the search. We apply a known method that sequentially learns the controller and the structured-prediction model. We then derive an online policy-gradient method that finds the parameters of the controller and of the structured-prediction model in a joint optimization problem; we obtain a convergence guarantee for the latter method. We evaluate and compare the various methods based on a large collection of traffic data of a web-hosting service.
25 schema:genre research_article
26 schema:inLanguage en
27 schema:isAccessibleForFree true
28 schema:isPartOf N3a01865561fe400da6d5cbd9e40cd359
29 N641c5ee6187d436db8f151a4a2b1a171
30 sg:journal.1125588
31 schema:name Learning to control a structured-prediction decoder for detection of HTTP-layer DDoS attackers
32 schema:pagination 385-410
33 schema:productId N0371baef006a4f19ae89f2f7540bb53a
34 N0698ef0942004af3bf6b67c2b96fe795
35 N73e778addc5b419680e94c6722411abc
36 schema:sameAs https://app.dimensions.ai/details/publication/pub.1013750322
37 https://doi.org/10.1007/s10994-016-5581-9
38 schema:sdDatePublished 2019-04-11T12:20
39 schema:sdLicense https://scigraph.springernature.com/explorer/license/
40 schema:sdPublisher Nda288934fc1b4ee79276f6323734a407
41 schema:url https://link.springer.com/10.1007%2Fs10994-016-5581-9
42 sgo:license sg:explorer/license/
43 sgo:sdDataset articles
44 rdf:type schema:ScholarlyArticle
45 N0371baef006a4f19ae89f2f7540bb53a schema:name doi
46 schema:value 10.1007/s10994-016-5581-9
47 rdf:type schema:PropertyValue
48 N0698ef0942004af3bf6b67c2b96fe795 schema:name readcube_id
49 schema:value 4180fbe1662f9ba59f37322833a682254bafbaebeff765436bc2bef3fb266e9c
50 rdf:type schema:PropertyValue
51 N3a01865561fe400da6d5cbd9e40cd359 schema:issueNumber 2-3
52 rdf:type schema:PublicationIssue
53 N641c5ee6187d436db8f151a4a2b1a171 schema:volumeNumber 104
54 rdf:type schema:PublicationVolume
55 N6bee68d8e73740c39ec30381dc93d06f rdf:first sg:person.013043521415.94
56 rdf:rest Nc1a6b575b692423886dc53db3e68b4e7
57 N73e778addc5b419680e94c6722411abc schema:name dimensions_id
58 schema:value pub.1013750322
59 rdf:type schema:PropertyValue
60 Nc1a6b575b692423886dc53db3e68b4e7 rdf:first sg:person.0765615604.15
61 rdf:rest rdf:nil
62 Nda288934fc1b4ee79276f6323734a407 schema:name Springer Nature - SN SciGraph project
63 rdf:type schema:Organization
64 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
65 schema:name Information and Computing Sciences
66 rdf:type schema:DefinedTerm
67 anzsrc-for:0801 schema:inDefinedTermSet anzsrc-for:
68 schema:name Artificial Intelligence and Image Processing
69 rdf:type schema:DefinedTerm
70 sg:journal.1125588 schema:issn 0885-6125
71 1573-0565
72 schema:name Machine Learning
73 rdf:type schema:Periodical
74 sg:person.013043521415.94 schema:affiliation https://www.grid.ac/institutes/grid.11348.3f
75 schema:familyName Dick
76 schema:givenName Uwe
77 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013043521415.94
78 rdf:type schema:Person
79 sg:person.0765615604.15 schema:affiliation https://www.grid.ac/institutes/grid.11348.3f
80 schema:familyName Scheffer
81 schema:givenName Tobias
82 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.0765615604.15
83 rdf:type schema:Person
84 sg:pub.10.1007/978-3-540-89862-7_17 schema:sameAs https://app.dimensions.ai/details/publication/pub.1026896652
85 https://doi.org/10.1007/978-3-540-89862-7_17
86 rdf:type schema:CreativeWork
87 sg:pub.10.1007/s00778-006-0002-5 schema:sameAs https://app.dimensions.ai/details/publication/pub.1004343792
88 https://doi.org/10.1007/s00778-006-0002-5
89 rdf:type schema:CreativeWork
90 https://doi.org/10.1016/j.cose.2010.12.004 schema:sameAs https://app.dimensions.ai/details/publication/pub.1042379231
91 rdf:type schema:CreativeWork
92 https://doi.org/10.1016/j.eswa.2011.07.032 schema:sameAs https://app.dimensions.ai/details/publication/pub.1027977698
93 rdf:type schema:CreativeWork
94 https://doi.org/10.1016/j.eswa.2012.07.009 schema:sameAs https://app.dimensions.ai/details/publication/pub.1042386109
95 rdf:type schema:CreativeWork
96 https://doi.org/10.1016/j.jnca.2005.06.003 schema:sameAs https://app.dimensions.ai/details/publication/pub.1053671311
97 rdf:type schema:CreativeWork
98 https://doi.org/10.1016/j.neunet.2008.02.003 schema:sameAs https://app.dimensions.ai/details/publication/pub.1047445454
99 rdf:type schema:CreativeWork
100 https://doi.org/10.1109/cnsr.2007.22 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093967230
101 rdf:type schema:CreativeWork
102 https://doi.org/10.1109/infocom.2006.127 schema:sameAs https://app.dimensions.ai/details/publication/pub.1094040068
103 rdf:type schema:CreativeWork
104 https://doi.org/10.1109/surv.2013.031413.00127 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061446857
105 rdf:type schema:CreativeWork
106 https://doi.org/10.1109/tnet.2008.923716 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061715032
107 rdf:type schema:CreativeWork
108 https://doi.org/10.1109/tssa.2011.6095400 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093756882
109 rdf:type schema:CreativeWork
110 https://doi.org/10.1137/s0363012997331639 schema:sameAs https://app.dimensions.ai/details/publication/pub.1062881408
111 rdf:type schema:CreativeWork
112 https://doi.org/10.1145/1216370.1216373 schema:sameAs https://app.dimensions.ai/details/publication/pub.1008453551
113 rdf:type schema:CreativeWork
114 https://doi.org/10.1145/1390156.1390195 schema:sameAs https://app.dimensions.ai/details/publication/pub.1018948353
115 rdf:type schema:CreativeWork
116 https://doi.org/10.1145/2517312.2517316 schema:sameAs https://app.dimensions.ai/details/publication/pub.1003211375
117 rdf:type schema:CreativeWork
118 https://doi.org/10.1613/jair.3623 schema:sameAs https://app.dimensions.ai/details/publication/pub.1105689824
119 rdf:type schema:CreativeWork
120 https://doi.org/10.5121/csit.2012.2223 schema:sameAs https://app.dimensions.ai/details/publication/pub.1099443672
121 rdf:type schema:CreativeWork
122 https://www.grid.ac/institutes/grid.11348.3f schema:alternateName University of Potsdam
123 schema:name Department of Computer Science, University of Potsdam, Potsdam, Germany
124 rdf:type schema:Organization
 




Preview window. Press ESC to close (or click here)


...