Detecting Shrew HTTP Flood Attacks for Flash Crowds
ICCS '07 Proceedings of the 7th international conference on Computational Science, Part I: ICCS 2007
Detection of HTTP flooding attacks in multiple scenarios
Proceedings of the 2011 International Conference on Communication, Computing & Security
Hybrid detection of application layer attacks using Markov models for normality and attacks
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Hi-index | 0.00 |
This paper presents a novel approach based on the monitoring of incoming HTTP requests to detect attacks against web servers. The detection is accomplished through a Markovian model whose states and transitions between them are determined from the specification of the HTTP protocol, while the probabilities of the symbols associated to the Markovian source are obtained during a training stage according to a set of attack-free requests for the target server. The experiments carried out show a high detection capability with low false positive rates at reasonable computation requirements.