Title :
An HTTP Flooding Detection Method Based on Browser Behavior
Author :
Lu, Wei-Zhou ; Yu, Shun-zheng
Author_Institution :
Dept. of Electron. & Commun. Eng., Zhongshan Univ., Guangzhou
Abstract :
HTTP flooding is an attack that uses enormous useless packets to jam a Web server. In this paper, we use hidden semi-Markov models (HSMM) to describe Web-browsing patterns and detect HTTP flooding attacks. We first use a large number of legitimate request sequences to train an HSMM model and then use this legitimate model to check each incoming request sequence. Abnormal Web traffic whose likelihood falls into unreasonable range for the legitimate model would be classified as potential attack traffic and should be controlled with special actions such as filtering or limiting the traffic. Finally we validate our approach by testing the method with real data. The result shows that our method can detect the anomaly Web traffic effectively
Keywords :
Internet; hidden Markov models; hypermedia; online front-ends; security of data; HTTP flooding attack detection; Web browsing patterns; Web server; abnormal Web traffic; anomaly Web traffic detection; browser behavior; hidden semiMarkov models; Communication system traffic control; Computer crime; Floods; Information filtering; Information filters; Sun; Testing; Traffic control; Web pages; Web server;
Conference_Titel :
Computational Intelligence and Security, 2006 International Conference on
Conference_Location :
Guangzhou
Print_ISBN :
1-4244-0605-6
Electronic_ISBN :
1-4244-0605-6
DOI :
10.1109/ICCIAS.2006.295444
