HTTP-sCAN: Detecting HTTP-Flooding Attack by Modeling Multi-Features of Web Browsing Behavior from Noisy Web-Logs (Cited by: 3)

Abstract: HTTP-flooding attack disables the victimized web server by sending a large number of HTTP GET requests. Recent research tends to detect HTTP-flooding with anomaly-based approaches, which detect HTTP-flooding by modeling the behavior of normal web surfers. However, most of the existing anomaly-based detection approaches usually cannot filter the web-crawling traces from unknown searching bots mixed in normal web browsing logs. These web-crawling traces can bias the baseline profile of anomaly-based schemes in their training phase, and further degrade their detection performance. This paper proposes a novel web-crawling-traces-tolerated method to build the baseline profile, and designs a new anomaly-based HTTP-flooding detection scheme (abbr. HTTP-sCAN). The simulation results show that HTTP-sCAN is immune to the interference of unknown web-crawling traces, and can detect all HTTP-flooding attacks.
Source: China Communications (English edition; SCIE, CSCD), 2015, Issue 2, pp. 118-128, 11 pages in total
Funding: supported by National Key Basic Research Program of China (973 program) under Grant No. 2012CB315905; National Natural Science Foundation of China under grants 61172048, 61100184, 60932005 and 61201128; the Fundamental Research Funds for the Central Universities under Grant No. ZYGX2011J007
Keywords: flooding attack; web server; detection performance; HTTP; web logs; browsing behavior; scan; IP network; DDoS; relative entropy; cluster algorithm