DocumentCode :
23621
Title :
HTTP-sCAN: Detecting HTTP-flooding attack by modeling multi-features of web browsing behavior from noisy web-logs
Author :
Wang Jin ; Zhang Min ; Yang Xiaolong ; Long Keping ; Xu Jie
Author_Institution :
Sch. of Comput. & Commun. Eng., Univ. of Sci. & Technol. Beijing, Beijing, China
Volume :
12
Issue :
2
fYear :
2015
fDate :
Feb. 2015
Firstpage :
118
Lastpage :
128
Abstract :
An HTTP-flooding attack disables the victimized web server by sending a large number of HTTP GET requests. Recent research tends to detect HTTP-flooding with anomaly-based approaches, which detect HTTP-flooding by modeling the behavior of normal web surfers. However, most of the existing anomaly-based detection approaches usually cannot filter the web-crawling traces from unknown searching bots mixed in normal web browsing logs. These web-crawling traces can bias the baseline profile of anomaly-based schemes in their training phase, and further degrade their detection performance. This paper proposes a novel web-crawling-traces-tolerant method to build the baseline profile, and designs a new anomaly-based HTTP-flooding detection scheme (abbreviated HTTP-sCAN). The simulation results show that HTTP-sCAN is immune to the interference of unknown web-crawling traces, and can detect all HTTP-flooding attacks.
Keywords :
IP networks; Internet; computer network security; hypermedia; invasive software; transport protocols; HTTP get request; HTTP-flooding attack; HTTP-sCAN; Web browsing behavior; Web browsing log; Web surfers; Web-crawling traces; anomaly-based HTTP-flooding detection scheme; anomaly-based detection; detection performance; multifeature; noisy Web-logs; searching bot; victimized Web server; Computer crime; Crawlers; Floods; Semantics; Training; Web pages; Web servers; DDoS; IP network; cluster algorithm; relative entropy;
fLanguage :
English
Journal_Title :
Communications, China
Publisher :
IEEE
ISSN :
1673-5447
Type :
jour
DOI :
10.1109/CC.2015.7084407
Filename :
7084407