ETRI-Knowledge Sharing Platform

Conference Paper: AIGG Threshold Based HTTP GET Flooding Attack Detection
Cited 12 times in Scopus
Authors
Yang-seo Choi, Ik-Kyun Kim, Jin-Tae Oh, Jong-Soo Jang
Issue Date
2012-08
Citation
International Workshop on Information Security Applications (WISA) 2012 (LNCS 7690), v.7690, pp.270-284
Publisher
Springer
Language
English
Type
Conference Paper
DOI
https://dx.doi.org/10.1007/978-3-642-35416-8_19
Abstract
Distributed denial-of-service (DDoS) attacks still pose unpredictable threats to the Internet infrastructure and Internet-based businesses. As the attackers focus on economic gain, HTTP GET flooding attacks against business web servers have become one of the most frequently attempted attacks. Furthermore, the attack is becoming more sophisticated. In order to detect those attacks, several algorithms have been developed. However, even though the developed technologies can detect the sophisticated attacks, some of them need lots of system resources [12,13]. Sometimes, due to the time-consuming processes, the whole performance of DDoS defense systems is degraded, and it becomes another problem. For that, we propose a simple threshold-based HTTP GET flooding attack detection algorithm. The threshold is generated from the characteristics of HTTP GET request behaviors. In this algorithm, based on the defined Monitoring Period (MP) and Time Slot (TS), we calculate the Average Inter-GET Request Packet Exist TS-Gap (AIGG). The AIGG is used for threshold extraction. For effective detection, the optimized MP, TS and threshold value are extracted. In addition, the proposed algorithm doesn't need to analyze every HTTP GET request packet, so it needs less CPU resources than the algorithms which have to analyze all the request packets.
KSP Keywords
Attack Detection, DDoS defense, Defense system, Detection algorithm, Distributed denial-of-service(DDoS), Flooding attack, HTTP GET flooding, Internet infrastructure, Internet-based, Sophisticated attacks, Threshold Value