With the huge increase in the number of network attack incidents, today's Cyberspace is facing unprecedented security threats. In all forms of attacks, Application-layer distributed denial of service (AL-DDoS) attacks have become one of the severest threats to the security of the internet. In the paper, we focus on the differences between AL-DDoS attack behavior and normal access behavior, and analyze the internal relationship and attack homology. Based on the analyses, a detection method against AL-DDoS attacks is proposed, which uses a relationship graph to reveal the consistency of group behaviors of AL-DDoS attacks. We called the relationship graph the behavior-path, which associates the attack behavior with URL access method, protocol type, source file name, host address and so on. Furthermore, we build up commutative matrix to construct the behavior-path. At the same time, we refine the attack behavior characteristics and divide the AL-DDoS attacks into three categories, which helps to match the behavior path. Finally, with ensemble learning we implement effectively detection of attack behavior. The experimental results show that the novel detection method has highest accuracy of 96.1% to AL-DDoS attacks.