Detection of HTTP-GET flood attack based on analysis of page access behavior

Takeshi Yatagai, Takamasa Isohara, Iwao Sasase

Research output: Chapter in Book/Report/Conference proceedingConference contribution

66 Citations (Scopus)

Abstract

Recently, there are many denial-of-service (DoS) attacks by computer viruses or botnet. DoS attacks to web services are called HTTP-GET flood attack and threats of them increase day by day. In this type of attacks, malicious clients send a large number of HTTP-GET requests to the target web server automatically. Since these HTTP-GET requests have legitimate formats and are sent via normal TCP connections, an intrusion detection system (IDS) can not detect them. In this paper, we propose HTTP-GET flood detection techniques based on analysis of page access behavior.We propose two detection algorithms, one is focusing on a browsing order of pages and the other is focusing on a correlation with browsing time to page information size. We implement detection techniques and evaluate attack detection rates, i.e., false positive and false negative. The results show that our techniques can detect the HTTP-GET flood attack effectively.

Original languageEnglish
Title of host publication2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, Conference Proceedings, PACRIM
Pages232-235
Number of pages4
DOIs
Publication statusPublished - 2007 Dec 1
Event2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PACRIM - Victoria, BC, Canada
Duration: 2007 Aug 222007 Aug 24

Publication series

NameIEEE Pacific RIM Conference on Communications, Computers, and Signal Processing - Proceedings

Other

Other2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PACRIM
CountryCanada
CityVictoria, BC
Period07/8/2207/8/24

ASJC Scopus subject areas

  • Signal Processing
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Detection of HTTP-GET flood attack based on analysis of page access behavior'. Together they form a unique fingerprint.

  • Cite this

    Yatagai, T., Isohara, T., & Sasase, I. (2007). Detection of HTTP-GET flood attack based on analysis of page access behavior. In 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, Conference Proceedings, PACRIM (pp. 232-235). [4313218] (IEEE Pacific RIM Conference on Communications, Computers, and Signal Processing - Proceedings). https://doi.org/10.1109/PACRIM.2007.4313218