{"title":"Detecting Http Flooding Attacks Based on Uniform Model","authors":"D. Nashat, S. Khairy","doi":"10.1109/NaNA53684.2021.00024","DOIUrl":null,"url":null,"abstract":"The HTTP flooding attack is the most complicated type of DDoS attacks since the malicious packets are hidden in a huge amount of normal traffic. The present work introduce a new detection method for HTTP flooding attack according to the abnormal HTTP traffic behavior during attack time. The new scheme first keeps various statistical measurements for normal traffic attributes (e.g Request, Responses, Open connections, TCP packets, UDP packets and ICMP packets) as a reference profile. Then, the Mahalanobis distance between the reference profile and the statistical measurements of the incoming HTTP connection (i.e for every attribute) is computed during each interval of detection time. Finally, the detection decision is based on the probability of the uniform distribution. Two real traffic traces are used in our simulation to evaluate the detection efficiency of the proposed scheme by computing its detection rate and the probability of false positive and also false negative.","PeriodicalId":414672,"journal":{"name":"2021 International Conference on Networking and Network Applications (NaNA)","volume":"1947 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Networking and Network Applications (NaNA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NaNA53684.2021.00024","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 2
Abstract
The HTTP flooding attack is the most complicated type of DDoS attack, since the malicious packets are hidden in a huge amount of normal traffic. The present work introduces a new detection method for HTTP flooding attacks based on the abnormal HTTP traffic behavior during attack time. The new scheme first keeps various statistical measurements for normal traffic attributes (e.g., Request, Responses, Open connections, TCP packets, UDP packets and ICMP packets) as a reference profile. Then, the Mahalanobis distance between the reference profile and the statistical measurements of the incoming HTTP connection (i.e., for every attribute) is computed during each interval of detection time. Finally, the detection decision is based on the probability of the uniform distribution. Two real traffic traces are used in our simulation to evaluate the detection efficiency of the proposed scheme by computing its detection rate and the probabilities of false positives and false negatives.