TY - GEN
T1 - Detection of HTTP-GET flood attack based on analysis of page access behavior
AU - Yatagai, Takeshi
AU - Isohara, Takamasa
AU - Sasase, Iwao
PY - 2007/12/1
Y1 - 2007/12/1
N2 - Recently, there have been many denial-of-service (DoS) attacks by computer viruses or botnets. DoS attacks on web services are called HTTP-GET flood attacks, and the threat they pose increases day by day. In this type of attack, malicious clients automatically send a large number of HTTP-GET requests to the target web server. Since these HTTP-GET requests have legitimate formats and are sent via normal TCP connections, an intrusion detection system (IDS) cannot detect them. In this paper, we propose HTTP-GET flood detection techniques based on analysis of page access behavior. We propose two detection algorithms: one focuses on the browsing order of pages, and the other focuses on the correlation between browsing time and page information size. We implement the detection techniques and evaluate attack detection rates, i.e., false positives and false negatives. The results show that our techniques can detect the HTTP-GET flood attack effectively.
AB - Recently, there have been many denial-of-service (DoS) attacks by computer viruses or botnets. DoS attacks on web services are called HTTP-GET flood attacks, and the threat they pose increases day by day. In this type of attack, malicious clients automatically send a large number of HTTP-GET requests to the target web server. Since these HTTP-GET requests have legitimate formats and are sent via normal TCP connections, an intrusion detection system (IDS) cannot detect them. In this paper, we propose HTTP-GET flood detection techniques based on analysis of page access behavior. We propose two detection algorithms: one focuses on the browsing order of pages, and the other focuses on the correlation between browsing time and page information size. We implement the detection techniques and evaluate attack detection rates, i.e., false positives and false negatives. The results show that our techniques can detect the HTTP-GET flood attack effectively.
UR - http://www.scopus.com/inward/record.url?scp=47349116678&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=47349116678&partnerID=8YFLogxK
U2 - 10.1109/PACRIM.2007.4313218
DO - 10.1109/PACRIM.2007.4313218
M3 - Conference contribution
AN - SCOPUS:47349116678
SN - 1424411904
SN - 9781424411900
T3 - IEEE Pacific RIM Conference on Communications, Computers, and Signal Processing - Proceedings
SP - 232
EP - 235
BT - 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, Conference Proceedings, PACRIM
T2 - 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PACRIM
Y2 - 22 August 2007 through 24 August 2007
ER -