Detection of HTTP-GET flood attack based on analysis of page access behavior

Takeshi Yatagai; Takamasa Isohara; Iwao Sasase

doi:10.1109/PACRIM.2007.4313218

Detection of HTTP-GET flood attack based on analysis of page access behavior

Takeshi Yatagai, Takamasa Isohara, Iwao Sasase

Department of Information and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

81 Citations (Scopus)

Abstract

Recently, there are many denial-of-service (DoS) attacks by computer viruses or botnet. DoS attacks to web services are called HTTP-GET flood attack and threats of them increase day by day. In this type of attacks, malicious clients send a large number of HTTP-GET requests to the target web server automatically. Since these HTTP-GET requests have legitimate formats and are sent via normal TCP connections, an intrusion detection system (IDS) can not detect them. In this paper, we propose HTTP-GET flood detection techniques based on analysis of page access behavior.We propose two detection algorithms, one is focusing on a browsing order of pages and the other is focusing on a correlation with browsing time to page information size. We implement detection techniques and evaluate attack detection rates, i.e., false positive and false negative. The results show that our techniques can detect the HTTP-GET flood attack effectively.

Original language	English
Title of host publication	2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, Conference Proceedings, PACRIM
Pages	232-235
Number of pages	4
DOIs	https://doi.org/10.1109/PACRIM.2007.4313218
Publication status	Published - 2007 Dec 1
Event	2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PACRIM - Victoria, BC, Canada Duration: 2007 Aug 22 → 2007 Aug 24

Publication series

Name	IEEE Pacific RIM Conference on Communications, Computers, and Signal Processing - Proceedings

Other

Other	2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PACRIM
Country/Territory	Canada
City	Victoria, BC
Period	07/8/22 → 07/8/24

ASJC Scopus subject areas

Signal Processing
Computer Networks and Communications

Access to Document

10.1109/PACRIM.2007.4313218

Cite this

Yatagai, T., Isohara, T., & Sasase, I. (2007). Detection of HTTP-GET flood attack based on analysis of page access behavior. In 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, Conference Proceedings, PACRIM (pp. 232-235). [4313218] (IEEE Pacific RIM Conference on Communications, Computers, and Signal Processing - Proceedings). https://doi.org/10.1109/PACRIM.2007.4313218

Detection of HTTP-GET flood attack based on analysis of page access behavior. / Yatagai, Takeshi; Isohara, Takamasa; Sasase, Iwao.
2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, Conference Proceedings, PACRIM. 2007. p. 232-235 4313218 (IEEE Pacific RIM Conference on Communications, Computers, and Signal Processing - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yatagai, T, Isohara, T & Sasase, I 2007, Detection of HTTP-GET flood attack based on analysis of page access behavior. in 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, Conference Proceedings, PACRIM., 4313218, IEEE Pacific RIM Conference on Communications, Computers, and Signal Processing - Proceedings, pp. 232-235, 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PACRIM, Victoria, BC, Canada, 07/8/22. https://doi.org/10.1109/PACRIM.2007.4313218

Yatagai T, Isohara T, Sasase I. Detection of HTTP-GET flood attack based on analysis of page access behavior. In 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, Conference Proceedings, PACRIM. 2007. p. 232-235. 4313218. (IEEE Pacific RIM Conference on Communications, Computers, and Signal Processing - Proceedings). doi: 10.1109/PACRIM.2007.4313218

@inproceedings{c466f668aac7480382341756625dde10,

title = "Detection of HTTP-GET flood attack based on analysis of page access behavior",

abstract = "Recently, there are many denial-of-service (DoS) attacks by computer viruses or botnet. DoS attacks to web services are called HTTP-GET flood attack and threats of them increase day by day. In this type of attacks, malicious clients send a large number of HTTP-GET requests to the target web server automatically. Since these HTTP-GET requests have legitimate formats and are sent via normal TCP connections, an intrusion detection system (IDS) can not detect them. In this paper, we propose HTTP-GET flood detection techniques based on analysis of page access behavior.We propose two detection algorithms, one is focusing on a browsing order of pages and the other is focusing on a correlation with browsing time to page information size. We implement detection techniques and evaluate attack detection rates, i.e., false positive and false negative. The results show that our techniques can detect the HTTP-GET flood attack effectively.",

author = "Takeshi Yatagai and Takamasa Isohara and Iwao Sasase",

year = "2007",

month = dec,

day = "1",

doi = "10.1109/PACRIM.2007.4313218",

language = "English",

isbn = "1424411904",

series = "IEEE Pacific RIM Conference on Communications, Computers, and Signal Processing - Proceedings",

pages = "232--235",

booktitle = "2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, Conference Proceedings, PACRIM",

note = "2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PACRIM ; Conference date: 22-08-2007 Through 24-08-2007",

}

TY - GEN

T1 - Detection of HTTP-GET flood attack based on analysis of page access behavior

AU - Yatagai, Takeshi

AU - Isohara, Takamasa

AU - Sasase, Iwao

PY - 2007/12/1

Y1 - 2007/12/1

N2 - Recently, there are many denial-of-service (DoS) attacks by computer viruses or botnet. DoS attacks to web services are called HTTP-GET flood attack and threats of them increase day by day. In this type of attacks, malicious clients send a large number of HTTP-GET requests to the target web server automatically. Since these HTTP-GET requests have legitimate formats and are sent via normal TCP connections, an intrusion detection system (IDS) can not detect them. In this paper, we propose HTTP-GET flood detection techniques based on analysis of page access behavior.We propose two detection algorithms, one is focusing on a browsing order of pages and the other is focusing on a correlation with browsing time to page information size. We implement detection techniques and evaluate attack detection rates, i.e., false positive and false negative. The results show that our techniques can detect the HTTP-GET flood attack effectively.

AB - Recently, there are many denial-of-service (DoS) attacks by computer viruses or botnet. DoS attacks to web services are called HTTP-GET flood attack and threats of them increase day by day. In this type of attacks, malicious clients send a large number of HTTP-GET requests to the target web server automatically. Since these HTTP-GET requests have legitimate formats and are sent via normal TCP connections, an intrusion detection system (IDS) can not detect them. In this paper, we propose HTTP-GET flood detection techniques based on analysis of page access behavior.We propose two detection algorithms, one is focusing on a browsing order of pages and the other is focusing on a correlation with browsing time to page information size. We implement detection techniques and evaluate attack detection rates, i.e., false positive and false negative. The results show that our techniques can detect the HTTP-GET flood attack effectively.

UR - http://www.scopus.com/inward/record.url?scp=47349116678&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=47349116678&partnerID=8YFLogxK

U2 - 10.1109/PACRIM.2007.4313218

DO - 10.1109/PACRIM.2007.4313218

M3 - Conference contribution

AN - SCOPUS:47349116678

SN - 1424411904

SN - 9781424411900

T3 - IEEE Pacific RIM Conference on Communications, Computers, and Signal Processing - Proceedings

SP - 232

EP - 235

BT - 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, Conference Proceedings, PACRIM

T2 - 2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PACRIM

Y2 - 22 August 2007 through 24 August 2007

ER -

Detection of HTTP-GET flood attack based on analysis of page access behavior

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this