The content and access dynamics of a busy Web site: findings and implications
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Application-Integrated Data Collection for Security Monitoring
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
A Stateful Intrusion Detection System for World-Wide Web Servers
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
A Serial Combination of Anomaly and Misuse IDSes Applied to HTTP Traffic
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Detection of Web-Based Attacks through Markovian Protocol Parsing
ISCC '05 Proceedings of the 10th IEEE Symposium on Computers and Communications
Recognizing objects in adversarial clutter: breaking a visual captcha
CVPR'03 Proceedings of the 2003 IEEE computer society conference on Computer vision and pattern recognition
| Hi-index | 0.00 |
Countering network attacks is becoming ever more challenging. Web-based vulnerabilities represent a substantial portion of the security exposures of computer networks. In order to detect a new Web-based assault named shrew Distributed Denial of Service attacks based on HTTP flood, Principle Component Analysis and Independent Component Analysis are applied to abstract the multivariate observation vector. A novel anomaly detector based on hidden semi-Markov model is proposed. Experiment results based on real traffic trace and emulated attacks show, the scheme can be used effectively to implement the detection of the shrew HTTP flood attacks embedded in the normal flash crowd of large-scale Website; and the detection is not dependent on the intensity of attack traffic.