One attack observed against the HTTP protocol is the HTTP-GET attack, which uses sequences of requests to limit the accessibility of web servers. This report studies that attack and develops a novel, off-line clustering technique to tackle it. The technique uses entropy-based clustering and information-theoretic measurements to distinguish legitimate sequences from attacking ones. The method is shown to form recent patterns of behaviour observed at a web server, patterns that remain unknown to attackers. Statistical and information-theoretic metrics are then introduced to measure the difference between a sequence of requests and the legitimate patterns of behaviour. The method recognises more than 80% of legitimate and attacking sequences, regardless of the strategies chosen by attackers.