One of the attacks observed against HTTP protocol is HTTP-GET attack using sequences of requests to limit accessibility of webservers. This attack has been researched in this report, and a novel, off-line clustering technique has been developed to tackle it. In general, the technique uses entropy-based clustering and application of information theoretical measurements to distinguish among legitimate and attacking sequences.
It has been presented that the introduced method allows for formation of recent patterns of behaviours observed at a webserver, that remain unknown for the attackers. Subsequently, statistical and information theoretical metrics are introduced to measure difference between a sequence of requests, and legitimate patterns of behaviour.The method recognises more than 80% of legitimate and attacking sequences, regardless of strategies chosen by attackers.
HTTP-GET Attack, Information Theory, Clustering, Intrusion Detection.