Title :
HTTP-sCAN: Detecting HTTP-flooding attaCk by modeling multi-features of web browsing behavior from noisy dataset
Author :
Jin Wang ; Min Zhang ; Xiaolong Yang ; Keping Long ; Chimin Zhou
Author_Institution :
Sch. of Comput. & Commun. Eng., Univ. of Sci. & Technol., Beijing, China
Abstract :
An HTTP-flooding attack disables the victimized Web server by sending a large number of HTTP GET requests. Recent research tends to detect these attacks with anomaly-based approaches, which detect HTTP flooding by modeling the behavior of normal Web users. However, most existing anomaly-based detection approaches usually cannot filter out the Web-crawling traces of unknown search bots mixed into the normal Web browsing logs. These Web-crawling traces can bias the detection model in the training phase and thus influence the performance of the anomaly-based detection schemes. This paper proposes a novel anomaly-based HTTP-flooding detection scheme (HTTP-sCAN), which can eliminate the influence of the Web-crawling traces with the cluster algorithm. The simulation results show that HTTP-sCAN is immune to the interference of unknown search sessions and can detect all HTTP-flooding attacks.
Keywords :
Internet; file servers; online front-ends; telecommunication security; transport protocols; HTTP get requests; HTTP-flooding attack; HTTP-sCAN; Web browsing behavior; Web crawling traces; anomaly-based detection; cluster algorithm; detection model; noisy dataset; normal Web browsing logs; normal Web users; training phase; unknown search bots; victimized Web server; Analytical models; Cluster algorithm; DDoS; IP network; Relative Entropy;
Conference_Title :
Communications (APCC), 2013 19th Asia-Pacific Conference on
Conference_Location :
Denpasar
Print_ISBN :
978-1-4673-6048-7
DOI :
10.1109/APCC.2013.6766035