DocumentCode
3429229
Title
Detection of HTTP-GET flood Attack Based on Analysis of Page Access Behavior
Author
Yatagai, Takeshi ; Isohara, Takamasa ; Sasase, Iwao
Author_Institution
Keio Univ., Yokohama
fYear
2007
fDate
22-24 Aug. 2007
Firstpage
232
Lastpage
235
Abstract
Recently, there have been many denial-of-service (DoS) attacks carried out by computer viruses or botnets. DoS attacks against Web services are called HTTP-GET flood attacks, and the threat they pose increases day by day. In this type of attack, malicious clients automatically send a large number of HTTP-GET requests to the target Web server. Since these HTTP-GET requests have legitimate formats and are sent via normal TCP connections, an intrusion detection system (IDS) cannot detect them. In this paper, we propose HTTP-GET flood detection techniques based on analysis of page access behavior. We propose two detection algorithms: one focuses on the browsing order of pages, and the other focuses on the correlation between browsing time and page information size. We implement the detection techniques and evaluate attack detection rates, i.e., false positives and false negatives. The results show that our techniques can detect the HTTP-GET flood attack effectively.
Keywords
Web services; computer viruses; file servers; hypermedia; telecommunication security; transport protocols; HTTP-GET flood detection technique; Web service; computer virus; denial-of-service attack; page access behavior; Computer crime; Detection algorithms; Distributed computing; Floods; Information analysis; Internet; Intrusion detection; Protocols; Web server; Web services;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications, Computers and Signal Processing, 2007. PacRim 2007. IEEE Pacific Rim Conference on
Conference_Location
Victoria, BC
Print_ISBN
978-1-4244-1189-4
Electronic_ISBN
1-4244-1190-4
Type
conf
DOI
10.1109/PACRIM.2007.4313218
Filename
4313218