• DocumentCode
    3316675
  • Title

    An HTTP Flooding Detection Method Based on Browser Behavior

  • Author

    Lu, Wei-Zhou ; Yu, Shun-zheng

  • Author_Institution
    Dept. of Electron. & Commun. Eng., Zhongshan Univ., Guangzhou
  • Volume
    2
  • fYear
    2006
  • fDate
    3-6 Nov. 2006
  • Firstpage
    1151
  • Lastpage
    1154
  • Abstract
    HTTP flooding is an attack that uses enormous useless packets to jam a Web server. In this paper, we use hidden semi-Markov models (HSMM) to describe Web-browsing patterns and detect HTTP flooding attacks. We first use a large number of legitimate request sequences to train an HSMM model and then use this legitimate model to check each incoming request sequence. Abnormal Web traffic whose likelihood falls into unreasonable range for the legitimate model would be classified as potential attack traffic and should be controlled with special actions such as filtering or limiting the traffic. Finally we validate our approach by testing the method with real data. The result shows that our method can detect the anomaly Web traffic effectively
  • Keywords
    Internet; hidden Markov models; hypermedia; online front-ends; security of data; HTTP flooding attack detection; Web browsing patterns; Web server; abnormal Web traffic; anomaly Web traffic detection; browser behavior; hidden semiMarkov models; Communication system traffic control; Computer crime; Floods; Information filtering; Information filters; Sun; Testing; Traffic control; Web pages; Web server;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computational Intelligence and Security, 2006 International Conference on
  • Conference_Location
    Guangzhou
  • Print_ISBN
    1-4244-0605-6
  • Electronic_ISBN
    1-4244-0605-6
  • Type

    conf

  • DOI
    10.1109/ICCIAS.2006.295444
  • Filename
    4076140
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3316675