Indirect attacks have become a serious threat to server security because of their covert nature. This paper focuses on a new application-layer indirect attack that exploits the communication mechanism of proxy servers to attack its targets. Such attacks are not easily discovered by most existing defense systems, since the malicious traffic hides in the aggregated traffic. Moreover, the sources of the attack traffic and the normal traffic are indistinguishable, because both share the IP address of the last proxy server. In this paper, a novel server-side defense scheme is proposed to resist such covert indirect attacks. An improved semi-Markov model is proposed to describe the dynamic behavior of aggregated traffic. The model includes two stochastic processes. The observable process represents the changes in the appearance features of the observed traffic, while the unobservable process is a semi-Markov chain that represents the underlying time-varying patterns a proxy server uses to generate its outgoing traffic. An algorithm is proposed to estimate the model parameters. An objective function is defined to evaluate the normality of a proxy server's access behavior. Numerical results based on real traffic demonstrate the performance of the proposed method.