BIFAD: Bio-Inspired Anomaly Based HTTP-Flood Attack Detection

Wireless Personal Communications

Abstract

Application-layer DDoS attacks have changed the way DoS attacks take place, using subtler attack methods that pose an ever-increasing challenge to the development of internet-based application systems. Among these attacks, HTTP flood DDoS attacks are highly prevalent. In an HTTP flood DDoS attack, an unusual volume of requests is sent to the servers within a short time interval, which degrades the response and performance levels of the server. The contemporary literature offers numerous solutions for thwarting HTTP flood attacks. Analysis shows that the existing models are constrained, since most of them are based on user sessions and/or packet flow patterns. The session-based evolution models are vulnerable to botnets, and the packet-flow-pattern-based models are vulnerable if attack sources are equipped with human resources and/or proxy servers. Hence, there is an inherent need to improve the solutions for addressing HTTP flood attacks. The crux of such a system is fast and early detection with minimal false alarms in streaming network transactions, while ensuring that genuine requests are not impacted. To this end, a Bio-Inspired Anomaly based HTTP-flood detection model is proposed, and the model is described in detail along with experimental inputs. The results obtained demonstrate the significance and robustness of the model in achieving the objectives considered for the solution.



Author information

Corresponding author

Correspondence to K. Munivara Prasad.

Appendix

See Tables 5 and 6.

Table 5 The values obtained from attack prone data for the selected features
Table 6 The values obtained from normal data for the selected features

Cite this article

Munivara Prasad, K., Rama Mohan Reddy, A. & Venugopal Rao, K. BIFAD: Bio-Inspired Anomaly Based HTTP-Flood Attack Detection. Wireless Pers Commun 97, 281–308 (2017). https://doi.org/10.1007/s11277-017-4505-8

  • DOI: https://doi.org/10.1007/s11277-017-4505-8
