{"title":"提出了一种减少HTTP-Get Flood攻击影响的新方法","authors":"Hamid Mirvaziri","doi":"10.1016/j.fcij.2017.07.003","DOIUrl":null,"url":null,"abstract":"<div><p>HTTP Get Flood attack is known as the most common DDOS attack on the application layer with a frequency of 21 percent in all attacks. Since a huge amount of requests is sent to the Web Server for receiving pages and also the volume of responses issued by the server is much more than the volume received by zombies in this kind of attack, hence it could be done by small botnets; in the other hand, because every zombie attempts to issue the request by the use of its real address, carries out all stages of the three-stage handshakes, and the context of the requests is fully consistent with the HTTP protocol, the techniques of fake address detection and anomaly detection in text could not be employed. The mechanisms that are used to deal with this attack not only have much processing overload but also may cause two kinds of “False Negative” (To realize wrongly the fake traffic as the real traffic) and “False Positive” (To realize wrongly the real traffic as the fake traffic) errors. Therefore a method is proposed that is able to adapt itself to the traffic by the use of low processing overload and it has less error than the similar systems and using this way.</p></div>","PeriodicalId":100561,"journal":{"name":"Future Computing and Informatics Journal","volume":"2 2","pages":"Pages 87-93"},"PeriodicalIF":0.0000,"publicationDate":"2017-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.fcij.2017.07.003","citationCount":"6","resultStr":"{\"title\":\"A new method to reduce the effects of HTTP-Get Flood attack\",\"authors\":\"Hamid Mirvaziri\",\"doi\":\"10.1016/j.fcij.2017.07.003\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>HTTP Get Flood attack is known as the most common DDOS attack on the application layer with a frequency of 21 percent in all attacks. Since a huge amount of requests is sent to the Web Server for receiving pages and also the volume of responses issued by the server is much more than the volume received by zombies in this kind of attack, hence it could be done by small botnets; in the other hand, because every zombie attempts to issue the request by the use of its real address, carries out all stages of the three-stage handshakes, and the context of the requests is fully consistent with the HTTP protocol, the techniques of fake address detection and anomaly detection in text could not be employed. The mechanisms that are used to deal with this attack not only have much processing overload but also may cause two kinds of “False Negative” (To realize wrongly the fake traffic as the real traffic) and “False Positive” (To realize wrongly the real traffic as the fake traffic) errors. Therefore a method is proposed that is able to adapt itself to the traffic by the use of low processing overload and it has less error than the similar systems and using this way.</p></div>\",\"PeriodicalId\":100561,\"journal\":{\"name\":\"Future Computing and Informatics Journal\",\"volume\":\"2 2\",\"pages\":\"Pages 87-93\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://sci-hub-pdf.com/10.1016/j.fcij.2017.07.003\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Future Computing and Informatics Journal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2314728816300332\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Future Computing and Informatics Journal","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2314728816300332","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 6
摘要
HTTP Get Flood攻击是应用层最常见的DDOS攻击,占所有攻击的21%。由于大量的请求被发送到Web服务器来接收页面,并且在这种攻击中服务器发出的响应量远远超过僵尸接收的量,因此可以由小型僵尸网络来完成;另一方面,由于每个僵尸都试图使用自己的真实地址发出请求,进行三阶段握手的所有阶段,并且请求的上下文与HTTP协议完全一致,因此无法采用假地址检测和文本异常检测技术。用于处理这种攻击的机制不仅有很大的处理过载,而且可能造成两种“假负”(错误地将假流量误认为是真实流量)和“假正”(错误地将真实流量误认为是虚假流量)错误。因此,提出了一种利用低处理过载来适应流量的方法,并且与同类系统相比,该方法具有更小的误差。
A new method to reduce the effects of HTTP-Get Flood attack
HTTP Get Flood attack is known as the most common DDOS attack on the application layer with a frequency of 21 percent in all attacks. Since a huge amount of requests is sent to the Web Server for receiving pages and also the volume of responses issued by the server is much more than the volume received by zombies in this kind of attack, hence it could be done by small botnets; in the other hand, because every zombie attempts to issue the request by the use of its real address, carries out all stages of the three-stage handshakes, and the context of the requests is fully consistent with the HTTP protocol, the techniques of fake address detection and anomaly detection in text could not be employed. The mechanisms that are used to deal with this attack not only have much processing overload but also may cause two kinds of “False Negative” (To realize wrongly the fake traffic as the real traffic) and “False Positive” (To realize wrongly the real traffic as the fake traffic) errors. Therefore a method is proposed that is able to adapt itself to the traffic by the use of low processing overload and it has less error than the similar systems and using this way.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
