Detection of HTTP-GET flood Attack Based on Analysis of Page Access Behavior

Yatagai, Takeshi; Isohara, Takamasa; Sasase, Iwao

doi:10.1109/pacrim.2007.4313218

Cited by 71 publications

(39 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use the apachetop command on the server side to measure HTTP requests. Table II shows the efficiency of the method using XMLHttpRequest, our proposed Browser-based DDoS attacks without JavaScript and the F5attack [15] in the same environment.…”

Section: A Experiments Environmentmentioning

confidence: 99%

Browser-Based DDoS Attacks without Javascript

Kamikubo¹,

Saito²

2017

ijacsa

View full text Add to dashboard Cite

Abstract-Recently, browser-based distributed denial of service (DDoS) attacks, in which a malicious JavaScript program is distributed through an advertisement network, and runs in the background of the web browser, were observed. In this paper, we address a question whether browser-based DDoS attacks can be realized without JavaScript. We construct new browser-based DDoS attacks based only on HTML functions, and compare them with the existing JavaScript-based DDoS attacks in efficiency.

show abstract

Section: A Experiments Environmentmentioning

confidence: 99%

Browser-Based DDoS Attacks without Javascript

Kamikubo¹,

Saito²

2017

ijacsa

View full text Add to dashboard Cite

show abstract

“…DDoS attack detection based on the browsing order of webpages had been proposed [15]. The authors used correlation with time of browsing to the size of the webpage information for classifying the attack from that of the normal profile.…”

Section: Attack Scenariomentioning

confidence: 99%

Entropy-Based Application Layer DDoS Attack Detection Using Artificial Neural Networks

Singh

Thongam

2016

Entropy

View full text Add to dashboard Cite

Distributed denial-of-service (DDoS) attack is one of the major threats to the web server. The rapid increase of DDoS attacks on the Internet has clearly pointed out the limitations in current intrusion detection systems or intrusion prevention systems (IDS/IPS), mostly caused by application-layer DDoS attacks. Within this context, the objective of the paper is to detect a DDoS attack using a multilayer perceptron (MLP) classification algorithm with genetic algorithm (GA) as learning algorithm. In this work, we analyzed the standard EPA-HTTP (environmental protection agency-hypertext transfer protocol) dataset and selected the parameters that will be used as input to the classifier model for differentiating the attack from normal profile. The parameters selected are the HTTP GET request count, entropy, and variance for every connection. The proposed model can provide a better accuracy of 98.31%, sensitivity of 0.9962, and specificity of 0.0561 when compared to other traditional classification models.

show abstract

“…The data sets in our check leverage IDS Snort 2.9 [20]. To generate an acceptable alert set, we used IDS Snort 2.9 in our experiments, which has the flexibility of providing alerts in a flat file [9].…”

Section: Accomplishment Experimentsmentioning

confidence: 99%

Collection Mechanism and Reduction of IDS Alert

HashimAl-Saedi¹,

Ramadass²,

Almomani³

et al. 2012

IJCA

View full text Add to dashboard Cite

Numerous techniques and approaches are used to address the threats that are faced by computer networks today's. Some of these reactive approaches involve Intrusion Detection System (IDS), malware data mining and network monitoring. Numerous false positive alerts are generated by the IDS, contributing negatively to system complexity and performance. In this paper, we present a new framework called collection mechanism and reduction of IDS alert framework (CMRAF) to remove duplicate IDS alerts and reduce the amount of false alerts. CMRAF is based on two models. The first model develops a mechanism to save IDS alerts, extract the standard features as intrusion detection message exchange format, and save them in DB file (CSVtype). The second model consists of three phases. The first phase removes redundant alerts, the second phase reduces false alerts based on threshold time value, and the last phase reduces false alerts based on rules with threshold common vulnerabilities and exposure value. We applied CMRAF on two environments: the Darpa 1999 and the NAv6 network center data sets. The result obtained from the experiment on Darpa 1999 data set recorded an 92% alert reduction rate, whereas that on the NAv6 data set recorded an 84% alert reduction rate. From the results, CMRAF was able to scale back a massive quantity of redundant alerts and effectively reduces false alerts.

show abstract

Detection of HTTP-GET flood Attack Based on Analysis of Page Access Behavior

Cited by 71 publications

References 3 publications

Browser-Based DDoS Attacks without Javascript

Browser-Based DDoS Attacks without Javascript

Entropy-Based Application Layer DDoS Attack Detection Using Artificial Neural Networks

Collection Mechanism and Reduction of IDS Alert

Contact Info

Product

Resources

About