Evaluating Associativity in CPU Caches
IEEE Transactions on Computers
ACM Computing Surveys (CSUR)
Temporal locality and its impact on Web proxy cache performance
Performance Evaluation - Special issue on internet performance modelling
Characterizing reference locality in the WWW
DIS '96 Proceedings of the fourth international conference on on Parallel and distributed information systems
A hidden semi-Markov model for web workload self-similarity
PCC '02 Proceedings of the Performance, Computing, and Communications Conference, 2002. on 21st IEEE International
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
Web Proxy and cache play important roles in the modern Internet. Although much work has been done on them, few studies were focused on the fact that these trusted intermediaries may be utilized to launch Web-based attacks and to shield the attackers' malicious behavior. This paper fills an void in this area by proposing a new server-side detection scheme based on the behavior characteristics of proxy-to-server Web traffic. Proxy's access behavior is extracted from the temporal locality and the bytes of the requested objects. A stochastic process based on Gaussian mixtures hidden semi-Markov model is applied to describe the dynamic variability of the observed variables. The entropies of those pending Web traffics launched by proxies fitting to the model are used as the criterion for attack detection. Experiments based on the real Web traffic and an emulated attack are implemented to valid the proposal.