Suen, Ho Yan. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2009. / Includes bibliographical references (leaves 99-104). / Abstract also in Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Motivation --- p.1 / Chapter 1.2 --- Organization --- p.4 / Chapter 2 --- Literature Review --- p.6 / Chapter 2.1 --- Related Works --- p.6 / Chapter 2.2 --- Background Study --- p.7 / Chapter 2.2.1 --- World Wide Web --- p.7 / Chapter 2.2.2 --- Distributed Denial of Service Attack --- p.11 / Chapter 2.2.3 --- Tools for Dimension Reduction --- p.13 / Chapter 2.2.4 --- Tools for Anomaly Detection --- p.20 / Chapter 2.2.5 --- Receiver operating characteristics (ROC) Analysis --- p.22 / Chapter 3 --- System Design --- p.25 / Chapter 3.1 --- Methodology --- p.25 / Chapter 3.2 --- System Overview --- p.27 / Chapter 3.3 --- Reference Profile Construction --- p.31 / Chapter 3.4 --- Real-time Anomaly Detection and Response --- p.32 / Chapter 3.5 --- Chapter Summary --- p.34 / Chapter 4 --- Reference Profile Construction --- p.35 / Chapter 4.1 --- Web Access Logs Collection --- p.35 / Chapter 4.2 --- Data Preparation --- p.37 / Chapter 4.3 --- Feature Extraction and Embedding Engine (FEE Engine) --- p.40 / Chapter 4.3.1 --- Sub-Sequence Extraction --- p.42 / Chapter 4.3.2 --- Hash Function on Sub-sequences (optional) --- p.45 / Chapter 4.3.3 --- Feature Vector Construction --- p.46 / Chapter 4.3.4 --- Diffusion Wavelets Embedding --- p.47 / Chapter 4.3.5 --- Numerical Example of Feature Set Reduction --- p.49 / Chapter 4.3.6 --- Reference Profile and Further Use of FEE Engine --- p.50 / Chapter 4.4 --- Chapter Summary --- p.50 / Chapter 5 --- Real-time Anomaly Detection and Response --- p.52 / Chapter 5.1 --- Session Filtering and Data Preparation --- p.54 / Chapter 5.2 --- Feature Extraction and Embedding --- p.54 / Chapter 5.3 --- Distance-based Outlier Scores Calculation --- p.55 / Chapter 5.4 --- Anomaly Detection and Response --- p.56 / Chapter 5.4.1 --- Length-Based Anomaly Detection Modules --- p.56 / Chapter 5.4.2 --- Characteristics of Anomaly Detection Modules --- p.59 / Chapter 5.4.3 --- Dynamic Threshold Adaptation --- p.60 / Chapter 5.5 --- Chapter Summary --- p.63 / Chapter 6 --- Experimental Results --- p.65 / Chapter 6.1 --- Experiment Datasets --- p.65 / Chapter 6.1.1 --- Normal Web Access Logs --- p.66 / Chapter 6.1.2 --- Attack Data Generation --- p.68 / Chapter 6.2 --- ROC Curve Construction --- p.70 / Chapter 6.3 --- System Parameters Selection --- p.71 / Chapter 6.4 --- Performance of Anomaly Detection --- p.82 / Chapter 6.4.1 --- Performance Analysis --- p.85 / Chapter 6.4.2 --- Performance in defending DDoS attacks --- p.87 / Chapter 6.5 --- Computation Requirement --- p.91 / Chapter 6.6 --- Chapter Summary --- p.95 / Chapter 7 --- Conclusion and Future Work --- p.96 / Bibliography --- p.99
Identifer | oai:union.ndltd.org:cuhk.edu.hk/oai:cuhk-dr:cuhk_326945 |
Date | January 2009 |
Contributors | Suen, Ho Yan., Chinese University of Hong Kong Graduate School. Division of Information Engineering. |
Source Sets | The Chinese University of Hong Kong |
Language | English, Chinese |
Detected Language | English |
Type | Text, bibliography |
Format | print, xiv, 104 leaves : ill. ; 30 cm. |
Rights | Use of this resource is governed by the terms and conditions of the Creative Commons “Attribution-NonCommercial-NoDerivatives 4.0 International” License (http://creativecommons.org/licenses/by-nc-nd/4.0/) |
Page generated in 0.002 seconds