Access Log Generator for Analyzing Malicious Website Browsing Behaviors

In recent years, the target of Denial-of-Service attacks, such as the HTTP flooding attack, has shifted from the Network Layer to the Application Layer. Attackers adopt various schemes to bring down the website server: some send a tremendous number of packets to overwhelm the target host, while others send specific request packets that keep the website server busy performing large amounts of computation or database searches. To develop a scheme for detecting Denial-of-Service attacks, one needs log data for analyzing users' browsing behaviors. However, suitable log data are not easy to obtain, and some of the available data sets are out of date and not appropriate for analyzing the behavior of present-day networks. We therefore propose an access log generator that generates access logs with the characteristics of browsing behaviors for the particular website under investigation. We also include malicious behaviors in the generated access log, which is combined with the actual access log of the website for further tests and analyses.
