An HTTP Flooding Detection Method Based on Browser Behavior
暂无分享,去创建一个
HTTP flooding is an attack that uses enormous useless packets to jam a Web server. In this paper, we use hidden semi-Markov models (HSMM) to describe Web-browsing patterns and detect HTTP flooding attacks. We first use a large number of legitimate request sequences to train an HSMM model and then use this legitimate model to check each incoming request sequence. Abnormal Web traffic whose likelihood falls into unreasonable range for the legitimate model would be classified as potential attack traffic and should be controlled with special actions such as filtering or limiting the traffic. Finally we validate our approach by testing the method with real data. The result shows that our method can detect the anomaly Web traffic effectively
[1] H. Kobayashi,et al. An efficient forward-backward algorithm for an explicit-duration hidden Markov model , 2003, IEEE Signal Processing Letters.
[2] Bruce A. Mah,et al. An empirical model of HTTP network traffic , 1997, Proceedings of INFOCOM '97.
[3] Aviel D. Rubin,et al. Defending against an Internet-based attack on the physical world , 2002, TOIT.
[4] Lawrence R. Rabiner,et al. A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.