This article describes a system that characterizes HTTP traffic and discriminates between legitimate traffic and other kinds of HTTP traffic, such as that generated by botnets or distributed denial-of-service (DDoS) tools. The system applies three analyses sequentially to the traffic flow to detect abnormal users. Combining statistical methods with analysis of HTTP request paths and of the access times to the different resources on the web server, we have labelled abnormal users in real traffic flows. First, we tested our prototype on real traffic from a multi-site web server, detecting all abnormal users, such as an illegitimate audit of the server, Googlebot and web crawlers. In a second experiment, the most common DDoS attacks were introduced into the real traffic flow. As a result, all suspicious users were detected and labelled.