2013 | OriginalPaper | Book chapter
Detection of HTTP-GET Attack with Clustering and Information Theoretic Measurements
Written by: Pawel Chwalinski, Roman Belavkin, Xiaochun Cheng
Published in: Foundations and Practice of Security
Publisher: Springer Berlin Heidelberg
One of the attacks observed against the HTTP protocol is the HTTP-GET attack, which uses sequences of requests to limit the accessibility of web servers. This report investigates the attack and develops a novel, off-line clustering technique to tackle it. In general, the technique uses entropy-based clustering and information-theoretic measurements to distinguish between legitimate and attacking sequences.
It is shown that the introduced method allows the formation of recent patterns of behaviour observed at a web server, which remain unknown to the attackers. Subsequently, statistical and information-theoretic metrics are introduced to measure the difference between a sequence of requests and legitimate patterns of behaviour. The method recognises more than 80% of legitimate and attacking sequences, regardless of the strategies chosen by attackers.
Keywords:
HTTP-GET Attack, Information Theory, Clustering, Intrusion Detection.