Framework for Preprocessing and Feature Extraction from Weblogs for Identification of HTTP Flood Request Attacks
Authors: Dilip Singh Sisodia, Namrata Verma
Published in: 2018 International Conference on Advanced Computation and Telecommunication (ICACAT), volume 64 1, pages 1-4
Publication date: 2018-12-01
Publication type: Journal Article
DOI: 10.1109/ICACAT.2018.8933587 (https://doi.org/10.1109/ICACAT.2018.8933587)
Platform: Semanticscholar; citation count: 3
HTTP flood attacks are carried out through an enormous number of HTTP requests generated by automated software agents within a short period. The application layer is more vulnerable to HTTP flood attacks, which exhaust the computing and communication resources of the web server to disrupt the different web services. All HTTP requests are stored at the server in a web log file. However, malicious automated software agents camouflage their behavior in the web server logs, which makes their HTTP requests very challenging to detect. It is assumed that the navigational behavior of actual visitors and that of automated software agents are fundamentally different. In this paper, a framework for weblog preprocessing and for extracting various predefined features from raw web server logs is implemented. The most effective features, those potentially useful in differentiating legitimate users from automated software agents, are identified. The sessionized HTTP feature vectors are also labeled as an actual visitor or a possible web robot. The experiments are performed on raw weblogs of a commercial web portal.