3 articles found
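Research on a Potential Attack Detection Method for Railway Communication Networks Based on the Isolation Forest Algorithm (Cited by: 1)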
1
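Author: 董玉圻. 《铁道通信信号》, 2023, No. 7, pp. 54-59 (6 pages)
Current potential-attack detection methods for railway communication networks neglect dimensionality reduction of the data when identifying anomalous attacks, which leads to low detection efficiency and high false-alarm and missed-detection rates. To address this, a potential attack detection method for railway communication networks based on the isolation forest algorithm is proposed. The railway communication network sample set is divided into multiple subsets by data type, and principal component analysis is used to minimize the effect of dimensionality reduction across the different subsets so that each subset is reduced optimally. Based on the dimension-reduced data, an isolation forest potential-attack detector is constructed to identify anomalous data behavior. The detector is then updated based on the isolation forest algorithm to achieve potential attack detection in the railway communication network. Simulation results: as the number of test samples increases, the detection rate of the algorithm remains above 90%, and the false-alarm and missed-detection rates are both less than or equal to 0.02%, indicating that the method has some application value for potential attack detection in railway communication networks.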
Keywords: railway communication network; isolation forest algorithm; potential attack; principal component analysis; attack detector
HTTP-sCAN: Detecting HTTP-Flooding Attack by Modeling Multi-Features of Web Browsing Behavior from Noisy Web-Logs (Cited by: 3)
2
Authors: WANG Jin, ZHANG Min, YANG Xiaolong, LONG Keping, XU Jie. 《China Communications》 (SCIE, CSCD), 2015, No. 2, pp. 118-128 (11 pages)
HTTP-flooding attack disables the victimized web server by sending a large number of HTTP Get requests. Recent research tends to detect HTTP-flooding with the anomaly-based approaches, which detect the HTTP-flooding by modeling the behavior of normal web surfers. However, most of the existing anomaly-based detection approaches usually cannot filter the web-crawling traces from unknown searching bots mixed in normal web browsing logs. These web-crawling traces can bias the base-line profile of anomaly-based schemes in their training phase, and further degrade their detection performance. This paper proposes a novel web-crawling traces-tolerated method to build baseline profile, and designs a new anomaly-based HTTP-flooding detection scheme (abbr. HTTP-sCAN). The simulation results show that HTTP-sCAN is immune to the interferences of unknown web-crawling traces, and can detect all HTTP-flooding attacks.
Keywords: IP network; DDoS; relative entropy; cluster algorithm
Managing High Volume Data for Network Attack Detection Using Real-Time Flow Filtering
3
Authors: Abhrajit Ghosh, Yitzchak M. Gottlieb, Aditya Naidu, Akshay Vashist, Alexander Poylisher, Ayumu Kubota, Yukiko Sawaya, Akira Yamada. 《China Communications》 (SCIE, CSCD), 2013, No. 3, pp. 56-66 (11 pages)
In this paper, we present Real-Time Flow Filter (RTFF), a system that adopts a middle ground between coarse-grained volume anomaly detection and deep packet inspection. RTFF was designed with the goal of scaling to high volume data feeds that are common in large Tier-1 ISP networks and providing rich, timely information on observed attacks. It is a software solution that is designed to run on off-the-shelf hardware platforms and incorporates a scalable data processing architecture along with lightweight analysis algorithms that make it suitable for deployment in large networks. RTFF also makes use of state-of-the-art machine learning algorithms to construct attack models that can be used to detect as well as predict attacks.
Keywords: network security; intrusion detection; scaling