Analysis of Defense Method for HTTP POST DDoS Attack base on Content-Length Control*
作者: Dong-Ho Won , Dae-Seob Lee
DOI:
关键词:
摘要: One of the OSI 7 Layer DDoS Attack, HTTP POST can deny legitimate service by web server resource depletion. This Attack be executed with less network traffic and TCP connections. Therefore, It is difficult to distinguish from users. In this paper, I propose an anomaly detection algorithm http each page Content-Length field size limit defense method for attack. Proposed showed result countermeasure without false negative positive use r-u-dead-yet attack tool self-developed tool.
koreascience.or.kr参考文章(9)
Song Huang, Ling Zhang, Shou-Ling Dong, A Behavior-Based Ingress Rate-Limiting Mechanism Against DoS/DDoS Attacks Information and Communications Security. pp. 231- 242 ,(2005) , 10.1007/11602897_20
Tao Peng, Christopher Leckie, Kotagiri Ramamohanarao, Survey of network-based defense mechanisms countering the DoS and DDoS problems ACM Computing Surveys. ,vol. 39, pp. 3- ,(2007) , 10.1145/1216370.1216373
Mudhakar Srivatsa, Arun Iyengar, Jian Yin, Ling Liu, Mitigating application-level denial of service attacks on Web servers ACM Transactions on the Web. ,vol. 2, pp. 1- 49 ,(2008) , 10.1145/1377488.1377489
Jelena Mirkovic, Peter Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms acm special interest group on data communication. ,vol. 34, pp. 39- 53 ,(2004) , 10.1145/997150.997156
Silva Adriana, None, Distributed denial of service attacks systems man and cybernetics. ,vol. 3, pp. 2275- 2280 ,(2000) , 10.1109/ICSMC.2000.886455
A. Kuzmanovic, E.W. Knightly, Low-rate TCP-targeted denial of service attacks and counter strategies IEEE ACM Transactions on Networking. ,vol. 14, pp. 683- 696 ,(2006) , 10.1109/TNET.2006.880180
Changwang Zhang, Jianping Yin, Zhiping Cai, Weifeng Chen, RRED: robust RED algorithm to counter low-rate denial-of-service attacks IEEE Communications Letters. ,vol. 14, pp. 489- 491 ,(2010) , 10.1109/LCOMM.2010.05.091407
Alefiya Hussain, John Heidemann, Christos Papadopoulos, A framework for classifying denial of service attacks Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications - SIGCOMM '03. pp. 99- 110 ,(2003) , 10.1145/863955.863968
Yi Xie, Shun-Zheng Yu, Monitoring the application-layer DDoS attacks for popular websites IEEE ACM Transactions on Networking. ,vol. 17, pp. 15- 25 ,(2009) , 10.1109/TNET.2008.925628