상세정보
학술대회
AIGG Threshold Based HTTP GET Flooding Attack Detection
- 발행일
- 201208
- 출처
- International Workshop on Information Security Applications (WISA) 2012 (LNCS 7690), v.7690, pp.270-284
- 협약과제
- 11MS4700, 신뢰기반 클라우스 컴퓨팅 서비스를 위한 알려지지 않은 가상화 기반 악성행위 탐지 및 분석기술 개발, 김익균
- 초록
- Distributed denial-of-service (DDoS) attacks still pose unpredictable threats to the Internet infrastructure and Internet-based businesses. As the attackers focus on economic gain, the HTTP GET Flooding attacks against the business web servers become one of the most frequently attempted attacks. Furthermore, the attack is becoming more sophisticated. In order to detect those attacks, several algorithms are developed. However, even though the developed technologies can detect the sophisticated attacks some of them need lots of system resources [12,13]. Sometimes due to the time consuming processes the whole performance of DDoS defense systems is degraded and it becomes another problem. For that, we propose a simple threshold based HTTP GET flooding attack detection algorithm. The threshold is generated from the characteristics of HTTP GET Request behaviors. In this algorithm, based on the defined monitoring period (MP) and Time Slot (TS), we calculate the Average Inter-GET Request Packet Exist TS-Gap (AIGG). The AIGG is used for threshold extraction. For effective detection, the optimized MP, TS and the threshold value, are extracted. In addition, the proposed algorithm doesn?셳 need to analyze every HTTP GET request packet so it needs less CPU resources than the algorithms which have to analyze all the request packets.
- KSP 제안 키워드
- Attack Detection, DDoS defense, Defense system, Detection algorithm, Distributed denial-of-service(DDoS), Flooding attack, HTTP GET flooding, Internet infrastructure, Internet-based, Sophisticated attacks, Threshold Value