{"title":"基于统一模型的Http泛洪攻击检测","authors":"D. Nashat, S. Khairy","doi":"10.1109/NaNA53684.2021.00024","DOIUrl":null,"url":null,"abstract":"The HTTP flooding attack is the most complicated type of DDoS attacks since the malicious packets are hidden in a huge amount of normal traffic. The present work introduce a new detection method for HTTP flooding attack according to the abnormal HTTP traffic behavior during attack time. The new scheme first keeps various statistical measurements for normal traffic attributes (e.g Request, Responses, Open connections, TCP packets, UDP packets and ICMP packets) as a reference profile. Then, the Mahalanobis distance between the reference profile and the statistical measurements of the incoming HTTP connection (i.e for every attribute) is computed during each interval of detection time. Finally, the detection decision is based on the probability of the uniform distribution. Two real traffic traces are used in our simulation to evaluate the detection efficiency of the proposed scheme by computing its detection rate and the probability of false positive and also false negative.","PeriodicalId":414672,"journal":{"name":"2021 International Conference on Networking and Network Applications (NaNA)","volume":"1947 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Detecting Http Flooding Attacks Based on Uniform Model\",\"authors\":\"D. Nashat, S. Khairy\",\"doi\":\"10.1109/NaNA53684.2021.00024\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The HTTP flooding attack is the most complicated type of DDoS attacks since the malicious packets are hidden in a huge amount of normal traffic. The present work introduce a new detection method for HTTP flooding attack according to the abnormal HTTP traffic behavior during attack time. The new scheme first keeps various statistical measurements for normal traffic attributes (e.g Request, Responses, Open connections, TCP packets, UDP packets and ICMP packets) as a reference profile. Then, the Mahalanobis distance between the reference profile and the statistical measurements of the incoming HTTP connection (i.e for every attribute) is computed during each interval of detection time. Finally, the detection decision is based on the probability of the uniform distribution. Two real traffic traces are used in our simulation to evaluate the detection efficiency of the proposed scheme by computing its detection rate and the probability of false positive and also false negative.\",\"PeriodicalId\":414672,\"journal\":{\"name\":\"2021 International Conference on Networking and Network Applications (NaNA)\",\"volume\":\"1947 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 International Conference on Networking and Network Applications (NaNA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NaNA53684.2021.00024\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Networking and Network Applications (NaNA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NaNA53684.2021.00024","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detecting Http Flooding Attacks Based on Uniform Model
The HTTP flooding attack is the most complicated type of DDoS attacks since the malicious packets are hidden in a huge amount of normal traffic. The present work introduce a new detection method for HTTP flooding attack according to the abnormal HTTP traffic behavior during attack time. The new scheme first keeps various statistical measurements for normal traffic attributes (e.g Request, Responses, Open connections, TCP packets, UDP packets and ICMP packets) as a reference profile. Then, the Mahalanobis distance between the reference profile and the statistical measurements of the incoming HTTP connection (i.e for every attribute) is computed during each interval of detection time. Finally, the detection decision is based on the probability of the uniform distribution. Two real traffic traces are used in our simulation to evaluate the detection efficiency of the proposed scheme by computing its detection rate and the probability of false positive and also false negative.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
