By Topic

Detection of HTTP-GET flood Attack Based on Analysis of Page Access Behavior

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Takeshi Yatagai ; Dept. of Information and Computer Science, Keio University, 3-14-1 Hiyoshi, Kohoku, Yokohama, 223-8522 Japan, Email: ; Takamasa Isohara ; Iwao Sasase

Recently, there are many denial-of-service (DoS) attacks by computer viruses or botnet. DoS attacks to Web services are called HTTP-GET flood attack and threats of them increase day by day. In this type of attacks, malicious clients send a large number of HTTP-GET requests to the target Web server automatically. Since these HTTP-GET requests have legitimate formats and are sent via normal TCP connections, an intrusion detection system (IDS) can not detect them. In this paper, we propose HTTP-GET flood detection techniques based on analysis of page access behavior. We propose two detection algorithms, one is focusing on a browsing order of pages and the other is focusing on a correlation with browsing time to page information size. We implement detection techniques and evaluate attack detection rates, i.e., false positive and false negative. The results show that our techniques can detect the HTTP-GET flood attack effectively.

Published in:

2007 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing

Date of Conference:

22-24 Aug. 2007