University of Passau
This paper presents a method for detecting denial-of-service attacks on Web sites. Web attacks are distinguished from normal user patterns by inserting decoy hyperlinks into some key pages of the Web site. Typical types of decoy hyperlinks are described, and experimental results derived from real Web sites give an extremely low false positive rate of 0.0421%. A method for selecting an effective and minimal number of decoy hyperlinks and pages is also presented and evaluated on real and simulated data.
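The detection idea in the abstract can be sketched as a log check. This is an added example, not code from the paper: it flags clients that request decoy URLs and measures the false positive rate against a set of known-benign clients. The decoy paths, the Common Log Format input, the hit threshold and the premise that ordinary visitors do not follow decoy links are all assumptions; the log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Hypothetical decoy URLs (assumption): linked from key pages, not meant to be followed by people.
DECOY_PATHS = {"/catalog/all-items-2", "/account/help-old"}

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) \S+')

def normalize(target):
    """Reduce a request target to a comparable path: no query, decoded, lowercase, no trailing slash."""
    path = unquote(urlsplit(target).path).lower()
    return path.rstrip("/") or "/"

def decoy_hits(lines):
    """Count requests to decoy paths per client address; malformed lines are skipped."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize(m.group(3)) in DECOY_PATHS:
            hits[m.group(1)] += 1
    return hits

def flag_clients(lines, threshold=1):
    """Clients with at least `threshold` decoy requests (threshold is an assumed tuning knob)."""
    return {ip for ip, n in decoy_hits(lines).items() if n >= threshold}

def false_positive_rate(flagged, benign_clients):
    """Share of known-benign clients that were flagged."""
    if not benign_clients:
        return 0.0
    return len(flagged & benign_clients) / len(benign_clients)

# Constructed sample log (documentation address ranges), not data from the paper.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /catalog/ HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2024:10:00:06 +0000] "GET /catalog/all-items-2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:06 +0000] "GET /account/Help-Old/?r=1 HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "GET /catalog/all%2Ditems-2 HTTP/1.1" 200 512',
    'not a log line',
]

if __name__ == "__main__":
    flagged = flag_clients(SAMPLE_LOG, threshold=2)
    print(sorted(flagged), false_positive_rate(flagged, {"192.0.2.10", "198.51.100.4"}))
```

Path normalization matters here: without it, a percent-encoded or differently cased request for a decoy would go uncounted.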