AIGG Threshold Based HTTP GET Flooding Attack Detection

  • Conference paper
Information Security Applications (WISA 2012)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7690)

Abstract

Distributed denial-of-service (DDoS) attacks still pose unpredictable threats to the Internet infrastructure and Internet-based businesses. As attackers focus on economic gain, HTTP GET flooding attacks against business web servers have become one of the most frequently attempted attacks. Furthermore, the attacks are becoming more sophisticated. Several algorithms have been developed to detect them. However, even though these technologies can detect sophisticated attacks, some of them need a lot of system resources [12,13]. Sometimes their time-consuming processing degrades the overall performance of the DDoS defense system, which becomes a problem of its own. To address this, we propose a simple threshold-based HTTP GET flooding attack detection algorithm. The threshold is generated from the characteristics of HTTP GET request behavior. In this algorithm, based on a defined monitoring period (MP) and time slot (TS), we calculate the Average Inter-GET_Request_Packet_Exist_TS-Gap (AIGG). The AIGG is used for threshold extraction. For effective detection, optimized values of the MP, the TS and the threshold are extracted. In addition, the proposed algorithm does not need to analyze every HTTP GET request packet, so it needs fewer CPU resources than algorithms that have to analyze all request packets.
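The following sketch is an added example, not code from the paper, and shows one reading of the AIGG idea from the abstract: split the MP into time slots, record only whether a slot saw a GET, and average the gap between occupied slots. Keying by source IP, measuring the gap in slot indices, flagging a low AIGG, and the MP, TS, threshold and sample values are all assumptions made here.

```python
from collections import defaultdict

def occupied_slots(timestamps, mp_start, mp_len, ts_len):
    """Sorted indices of the time slots inside the MP that saw at least one GET."""
    slots = set()
    for t in timestamps:
        offset = t - mp_start
        if 0 <= offset < mp_len:
            # Only slot occupancy matters: further GETs in a marked slot add nothing.
            slots.add(int(offset // ts_len))
    return sorted(slots)

def aigg(slots):
    """Average gap, in slots, between consecutive occupied slots (None if fewer than 2)."""
    if len(slots) < 2:
        return None
    gaps = [b - a for a, b in zip(slots, slots[1:])]
    return sum(gaps) / len(gaps)

def detect(events, mp_start, mp_len, ts_len, threshold):
    """events: iterable of (timestamp_seconds, src_ip) -> {src_ip: (aigg, flagged)}."""
    per_src = defaultdict(list)
    for ts, src in events:
        per_src[src].append(ts)
    result = {}
    for src, times in per_src.items():
        value = aigg(occupied_slots(times, mp_start, mp_len, ts_len))
        # Assumed decision rule: a flooding source requests in nearly every slot,
        # so its AIGG stays near 1; a browsing user leaves think-time gaps.
        result[src] = (value, value is not None and value <= threshold)
    return result

# Constructed sample traffic (documentation IP ranges), one 10 s MP with 1 s slots.
SAMPLE = (
    [(0.2 + 0.5 * i, "198.51.100.7") for i in range(20)]      # GET every 0.5 s
    + [(t, "192.0.2.10") for t in (0.3, 0.4, 4.1, 4.2, 8.6)]  # page loads with pauses
)

if __name__ == "__main__":
    for src, (value, flagged) in detect(SAMPLE, 0.0, 10.0, 1.0, 1.5).items():
        print(src, value, "FLAG" if flagged else "ok")
```

The per-slot occupancy set is what lets a detector of this shape skip repeat requests inside a slot it has already marked.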

References

  1. Arbor Networks ASERT Team: South Korea and US DDoS Attacks. ARBOR Networks (July 10, 2009)

  2. Youm, H.Y.: Korea’s experience of massive DDoS attacks from Botnet, ITU-T SG 17, Geneva (April 12, 2011), http://www.itu.int/en/ITU-T/studygroups/com17/Documents/tutorials/2011/ITU-T-ddos-tutorial-20110412-hyyoum.pdf

  3. Monthly Internet Incidents Trends and Analysis, 2011. vol. 12, Korea Internet & Security Agency (January 2012)

  4. Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication 34(2), 39–53 (2004)

  5. Mirkovic, J., Prier, G., Reiher, P.: Attacking DDoS at the Source. In: Proceedings of ICNP 2002, Paris, France, pp. 312–321 (November 2002)

  6. Tupakula, U., Varadharajan, V.: A Practical Method to Counteract Denial of Service Attacks. In: Proceedings of ACSC 2003, Adelaide, Australia, pp. 275–284 (2003)

  7. Lu, L., Chan, M., Chang, E.: Analysis of a General Probabilistic Packet Marking Model for IP Traceback. In: Proceedings of ASIACCS 2008 (2008)

  8. Stone, R.: CenterTrack: An IP Overlay Network for Tracking DoS Floods. In: Proceedings of 9th Usenix Security Symposium (2002)

  9. Chen, Y., Hwang, K., Ku, W.: Collaborative Detection of DDoS Attacks over Multiple Network Domains. IEEE Transactions on Parallel and Distributed Systems (2007)

  10. Yatagai, T., Isohara, T., Sasase, I.: Detection of HTTP-GET flood Attack Based on Analysis of Page Access Behavior. In: Proceedings of PACRIM 2007, pp. 232–235 (2007)

  11. Lu, W.Z., Yu, S.Z.: An HTTP Flooding Detection Method Based on Browser Behavior. In: International Conference on IEEE Computational Intelligence and Security 2006, vol. 2, pp. 1151–1154 (November 2006)

  12. Xie, Y., Yu, S.: A Large-Scale Hidden Semi-Markov Model for Anomaly Detection on User Browsing Behaviors. IEEE/ACM Transactions on Networking (2009)

  13. Ranjan, S., Swaminathan, R., Uysal, M., et al.: DDoS-Shield: DDoS-Resilient Scheduling to Counter Application Layer Attacks. IEEE/ACM Transactions on Networking 7(1), 26–39 (2009)

  14. Sen, J.: A Robust Mechanism for Defending Distributed Denial of Service Attacks On Web Servers. International Journal of Network Security & Its Applications (IJNSA) 3(2) (March 2011)

  15. Das, D., Sharma, U., Bhattacharyya, D.K.: Detection of HTTP Flooding Attacks in Multiple Scenarios. In: Proceedings of the 2011 International Conference on Communication, Computing & Security (ICCCS 2011), pp. 517–522 (2011)

  16. Liang, J., Naoumov, N., Ross, K.W.: The Index Poisoning Attack in P2P File Sharing Systems. In: Proceedings of INFOCOM 2006 (2006)

  17. Yu, J., Fang, C., Lu, L., Li, Z.: A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks. In: The 4th International ICST Conference on Scalable Information Systems (INFOSCALE 2009), Hong Kong, China, June 10-11 (2009)

  18. Xie, Y., Yu, S.: Monitoring the Application-Layer DDoS Attacks for Popular Websites. IEEE/ACM Transactions on Networking (2009)

  19. Nazario, J.: BlackEnergy DDoS Bot Analysis. ARBOR Networks (October 2007)

  20. Han, K., Im, E.: A Study on the Analysis of Netbot and Design of Detection Framework. In: Proceedings of JWIS 2009 (2009)

  21. Electronics and Communications Research Institute (ETRI), http://www.etri.re.kr

  22. Slowloris, http://ha.ckers.org/slowloris/

  23. R.U.D.Y, http://code.google.com/p/r-u-dead-yet/

  24. Universal HTTP Denial-of-Service, Hybrid Security, http://www.hybridsec.com/papers/OWASP-Universal-HTTP-DoS.ppt

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Choi, Ys., Kim, IK., Oh, JT., Jang, JS. (2012). AIGG Threshold Based HTTP GET Flooding Attack Detection. In: Lee, D.H., Yung, M. (eds) Information Security Applications. WISA 2012. Lecture Notes in Computer Science, vol 7690. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35416-8_19

  • DOI: https://doi.org/10.1007/978-3-642-35416-8_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35415-1

  • Online ISBN: 978-3-642-35416-8

  • eBook Packages: Computer Science, Computer Science (R0)
