AIGG Threshold Based HTTP GET Flooding Attack Detection View Full Text


Ontology type: schema:Chapter     


Chapter Info

DATE

2012

AUTHORS

Yang-seo Choi , Ik-Kyun Kim , Jin-Tae Oh , Jong-Soo Jang

ABSTRACT

Distributed denial-of-service (DDoS) attacks still pose unpredictable threats to the Internet infrastructure and Internet-based businesses. As the attackers focus on economic gain, the HTTP GET Flooding attacks against the business web servers become one of the most frequently attempted attacks. Furthermore, the attack is becoming more sophisticated. In order to detect those attacks, several algorithms are developed. However, even though the developed technologies can detect the sophisticated attacks some of them need lots of system resources [12,13]. Sometimes due to the time consuming processes the whole performance of DDoS defense systems is degraded and it becomes another problem. For that, we propose a simple threshold based HTTP GET flooding attack detection algorithm. The threshold is generated from the characteristics of HTTP GET Request behaviors. In this algorithm, based on the defined monitoring period (MP) and Time Slot (TS), we calculate the Average Inter-GET_Request_Packet_Exist_TS-Gap (AIGG). The AIGG is used for threshold extraction. For effective detection, the optimized MP, TS and the threshold value, are extracted. In addition, the proposed algorithm doesn’t need to analyze every HTTP GET request packet so it needs less CPU resources than the algorithms which have to analyze all the request packets. More... »

PAGES

270-284

References to SciGraph publications

Book

TITLE

Information Security Applications

ISBN

978-3-642-35415-1
978-3-642-35416-8

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-642-35416-8_19

DOI

http://dx.doi.org/10.1007/978-3-642-35416-8_19

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1028640044


Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
Incoming Citations Browse incoming citations for this publication using opencitations.net

JSON-LD is the canonical representation for SciGraph data.

TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Electronics and Telecommunications Research Institute", 
          "id": "https://www.grid.ac/institutes/grid.36303.35", 
          "name": [
            "Cyber Security-Convergence Research Department, ETRI, 218, Gajeong-no, Yuseong-gu, Daejeon, 305-700, South Korea"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Choi", 
        "givenName": "Yang-seo", 
        "id": "sg:person.07736736115.06", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07736736115.06"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Electronics and Telecommunications Research Institute", 
          "id": "https://www.grid.ac/institutes/grid.36303.35", 
          "name": [
            "Cyber Security-Convergence Research Department, ETRI, 218, Gajeong-no, Yuseong-gu, Daejeon, 305-700, South Korea"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Kim", 
        "givenName": "Ik-Kyun", 
        "id": "sg:person.012374141605.27", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012374141605.27"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Electronics and Telecommunications Research Institute", 
          "id": "https://www.grid.ac/institutes/grid.36303.35", 
          "name": [
            "Cyber Security-Convergence Research Department, ETRI, 218, Gajeong-no, Yuseong-gu, Daejeon, 305-700, South Korea"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Oh", 
        "givenName": "Jin-Tae", 
        "id": "sg:person.015322546417.44", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015322546417.44"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Electronics and Telecommunications Research Institute", 
          "id": "https://www.grid.ac/institutes/grid.36303.35", 
          "name": [
            "Cyber Security-Convergence Research Department, ETRI, 218, Gajeong-no, Yuseong-gu, Daejeon, 305-700, South Korea"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Jang", 
        "givenName": "Jong-Soo", 
        "id": "sg:person.010316410070.01", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010316410070.01"
        ], 
        "type": "Person"
      }
    ], 
    "citation": [
      {
        "id": "https://doi.org/10.1145/997150.997156", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1020238858"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/1947940.1948047", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1045524620"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-642-10485-5_13", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1051725512", 
          "https://doi.org/10.1007/978-3-642-10485-5_13"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-642-10485-5_13", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1051725512", 
          "https://doi.org/10.1007/978-3-642-10485-5_13"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/tnet.2008.923716", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1061715032"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/tnet.2008.925628", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1061715044"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/tnet.2008.926503", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1061715055"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/tpds.2007.1111", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1061753138"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.5121/ijnsa.2011.3213", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1072619591"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/infocom.2006.232", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093716177"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/pacrim.2007.4313218", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1095156541"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/icnp.2002.1181418", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1095794931"
        ], 
        "type": "CreativeWork"
      }
    ], 
    "datePublished": "2012", 
    "datePublishedReg": "2012-01-01", 
    "description": "Distributed denial-of-service (DDoS) attacks still pose unpredictable threats to the Internet infrastructure and Internet-based businesses. As the attackers focus on economic gain, the HTTP GET Flooding attacks against the business web servers become one of the most frequently attempted attacks. Furthermore, the attack is becoming more sophisticated. In order to detect those attacks, several algorithms are developed. However, even though the developed technologies can detect the sophisticated attacks some of them need lots of system resources [12,13]. Sometimes due to the time consuming processes the whole performance of DDoS defense systems is degraded and it becomes another problem. For that, we propose a simple threshold based HTTP GET flooding attack detection algorithm. The threshold is generated from the characteristics of HTTP GET Request behaviors. In this algorithm, based on the defined monitoring period (MP) and Time Slot (TS), we calculate the Average Inter-GET_Request_Packet_Exist_TS-Gap (AIGG). The AIGG is used for threshold extraction. For effective detection, the optimized MP, TS and the threshold value, are extracted. In addition, the proposed algorithm doesn\u2019t need to analyze every HTTP GET request packet so it needs less CPU resources than the algorithms which have to analyze all the request packets.", 
    "editor": [
      {
        "familyName": "Lee", 
        "givenName": "Dong Hoon", 
        "type": "Person"
      }, 
      {
        "familyName": "Yung", 
        "givenName": "Moti", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-642-35416-8_19", 
    "inLanguage": [
      "en"
    ], 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-642-35415-1", 
        "978-3-642-35416-8"
      ], 
      "name": "Information Security Applications", 
      "type": "Book"
    }, 
    "name": "AIGG Threshold Based HTTP GET Flooding Attack Detection", 
    "pagination": "270-284", 
    "productId": [
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-642-35416-8_19"
        ]
      }, 
      {
        "name": "readcube_id", 
        "type": "PropertyValue", 
        "value": [
          "886e9b44936040398d23123bc378a8bee5e2d679bb37057468f816443bded221"
        ]
      }, 
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1028640044"
        ]
      }
    ], 
    "publisher": {
      "location": "Berlin, Heidelberg", 
      "name": "Springer Berlin Heidelberg", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-642-35416-8_19", 
      "https://app.dimensions.ai/details/publication/pub.1028640044"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2019-04-15T10:34", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-uberresearch-data-dimensions-target-20181106-alternative/cleanup/v134/2549eaecd7973599484d7c17b260dba0a4ecb94b/merge/v9/a6c9fde33151104705d4d7ff012ea9563521a3ce/jats-lookup/v90/0000000001_0000000264/records_8659_00000261.jsonl", 
    "type": "Chapter", 
    "url": "http://link.springer.com/10.1007/978-3-642-35416-8_19"
  }
]
 

Download the RDF metadata as:  json-ld nt turtle xml License info

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-35416-8_19'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-35416-8_19'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-35416-8_19'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-642-35416-8_19'


 

This table displays all metadata directly associated to this object as RDF triples.

125 TRIPLES      23 PREDICATES      38 URIs      20 LITERALS      8 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-642-35416-8_19 schema:about anzsrc-for:08
2 anzsrc-for:0801
3 schema:author Nc0c0ee79b5694137a06080c0853f1fcd
4 schema:citation sg:pub.10.1007/978-3-642-10485-5_13
5 https://doi.org/10.1109/icnp.2002.1181418
6 https://doi.org/10.1109/infocom.2006.232
7 https://doi.org/10.1109/pacrim.2007.4313218
8 https://doi.org/10.1109/tnet.2008.923716
9 https://doi.org/10.1109/tnet.2008.925628
10 https://doi.org/10.1109/tnet.2008.926503
11 https://doi.org/10.1109/tpds.2007.1111
12 https://doi.org/10.1145/1947940.1948047
13 https://doi.org/10.1145/997150.997156
14 https://doi.org/10.5121/ijnsa.2011.3213
15 schema:datePublished 2012
16 schema:datePublishedReg 2012-01-01
17 schema:description Distributed denial-of-service (DDoS) attacks still pose unpredictable threats to the Internet infrastructure and Internet-based businesses. As the attackers focus on economic gain, the HTTP GET Flooding attacks against the business web servers become one of the most frequently attempted attacks. Furthermore, the attack is becoming more sophisticated. In order to detect those attacks, several algorithms are developed. However, even though the developed technologies can detect the sophisticated attacks some of them need lots of system resources [12,13]. Sometimes due to the time consuming processes the whole performance of DDoS defense systems is degraded and it becomes another problem. For that, we propose a simple threshold based HTTP GET flooding attack detection algorithm. The threshold is generated from the characteristics of HTTP GET Request behaviors. In this algorithm, based on the defined monitoring period (MP) and Time Slot (TS), we calculate the Average Inter-GET_Request_Packet_Exist_TS-Gap (AIGG). The AIGG is used for threshold extraction. For effective detection, the optimized MP, TS and the threshold value, are extracted. In addition, the proposed algorithm doesn’t need to analyze every HTTP GET request packet so it needs less CPU resources than the algorithms which have to analyze all the request packets.
18 schema:editor Na4224c67518b4c429f9d3a3d81592f6e
19 schema:genre chapter
20 schema:inLanguage en
21 schema:isAccessibleForFree false
22 schema:isPartOf N8fb70f38dacf48ad84b5703c30953714
23 schema:name AIGG Threshold Based HTTP GET Flooding Attack Detection
24 schema:pagination 270-284
25 schema:productId N0fa71eb240364b8784c2d53b15a966e0
26 N147300f7a4ce4ca79dfe6a4b4d0a2e29
27 N2c280c28e5d54e5dbab79460afa0c672
28 schema:publisher N562648abe5ad46aea653399163d35897
29 schema:sameAs https://app.dimensions.ai/details/publication/pub.1028640044
30 https://doi.org/10.1007/978-3-642-35416-8_19
31 schema:sdDatePublished 2019-04-15T10:34
32 schema:sdLicense https://scigraph.springernature.com/explorer/license/
33 schema:sdPublisher N2865be8ace1b4d54afff8f60fa4317b2
34 schema:url http://link.springer.com/10.1007/978-3-642-35416-8_19
35 sgo:license sg:explorer/license/
36 sgo:sdDataset chapters
37 rdf:type schema:Chapter
38 N0f9c2a4f62e14d0190eea5f1a32fec69 schema:familyName Yung
39 schema:givenName Moti
40 rdf:type schema:Person
41 N0fa71eb240364b8784c2d53b15a966e0 schema:name doi
42 schema:value 10.1007/978-3-642-35416-8_19
43 rdf:type schema:PropertyValue
44 N147300f7a4ce4ca79dfe6a4b4d0a2e29 schema:name dimensions_id
45 schema:value pub.1028640044
46 rdf:type schema:PropertyValue
47 N2865be8ace1b4d54afff8f60fa4317b2 schema:name Springer Nature - SN SciGraph project
48 rdf:type schema:Organization
49 N2c280c28e5d54e5dbab79460afa0c672 schema:name readcube_id
50 schema:value 886e9b44936040398d23123bc378a8bee5e2d679bb37057468f816443bded221
51 rdf:type schema:PropertyValue
52 N562648abe5ad46aea653399163d35897 schema:location Berlin, Heidelberg
53 schema:name Springer Berlin Heidelberg
54 rdf:type schema:Organisation
55 N79fad3259e524fffb8226ee5440e9a49 rdf:first N0f9c2a4f62e14d0190eea5f1a32fec69
56 rdf:rest rdf:nil
57 N7c390d1a486d48ac973ca74effe3b953 schema:familyName Lee
58 schema:givenName Dong Hoon
59 rdf:type schema:Person
60 N8fb70f38dacf48ad84b5703c30953714 schema:isbn 978-3-642-35415-1
61 978-3-642-35416-8
62 schema:name Information Security Applications
63 rdf:type schema:Book
64 Na4224c67518b4c429f9d3a3d81592f6e rdf:first N7c390d1a486d48ac973ca74effe3b953
65 rdf:rest N79fad3259e524fffb8226ee5440e9a49
66 Nc0c0ee79b5694137a06080c0853f1fcd rdf:first sg:person.07736736115.06
67 rdf:rest Nc2289a0e0aa746fd8c75ca51386a9986
68 Nc2289a0e0aa746fd8c75ca51386a9986 rdf:first sg:person.012374141605.27
69 rdf:rest Ndb0ed17fa34948b7af46494713621ac7
70 Ndb0ed17fa34948b7af46494713621ac7 rdf:first sg:person.015322546417.44
71 rdf:rest Nee99c46f65d84a3cb9b775db9d305059
72 Nee99c46f65d84a3cb9b775db9d305059 rdf:first sg:person.010316410070.01
73 rdf:rest rdf:nil
74 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
75 schema:name Information and Computing Sciences
76 rdf:type schema:DefinedTerm
77 anzsrc-for:0801 schema:inDefinedTermSet anzsrc-for:
78 schema:name Artificial Intelligence and Image Processing
79 rdf:type schema:DefinedTerm
80 sg:person.010316410070.01 schema:affiliation https://www.grid.ac/institutes/grid.36303.35
81 schema:familyName Jang
82 schema:givenName Jong-Soo
83 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010316410070.01
84 rdf:type schema:Person
85 sg:person.012374141605.27 schema:affiliation https://www.grid.ac/institutes/grid.36303.35
86 schema:familyName Kim
87 schema:givenName Ik-Kyun
88 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012374141605.27
89 rdf:type schema:Person
90 sg:person.015322546417.44 schema:affiliation https://www.grid.ac/institutes/grid.36303.35
91 schema:familyName Oh
92 schema:givenName Jin-Tae
93 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015322546417.44
94 rdf:type schema:Person
95 sg:person.07736736115.06 schema:affiliation https://www.grid.ac/institutes/grid.36303.35
96 schema:familyName Choi
97 schema:givenName Yang-seo
98 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07736736115.06
99 rdf:type schema:Person
100 sg:pub.10.1007/978-3-642-10485-5_13 schema:sameAs https://app.dimensions.ai/details/publication/pub.1051725512
101 https://doi.org/10.1007/978-3-642-10485-5_13
102 rdf:type schema:CreativeWork
103 https://doi.org/10.1109/icnp.2002.1181418 schema:sameAs https://app.dimensions.ai/details/publication/pub.1095794931
104 rdf:type schema:CreativeWork
105 https://doi.org/10.1109/infocom.2006.232 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093716177
106 rdf:type schema:CreativeWork
107 https://doi.org/10.1109/pacrim.2007.4313218 schema:sameAs https://app.dimensions.ai/details/publication/pub.1095156541
108 rdf:type schema:CreativeWork
109 https://doi.org/10.1109/tnet.2008.923716 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061715032
110 rdf:type schema:CreativeWork
111 https://doi.org/10.1109/tnet.2008.925628 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061715044
112 rdf:type schema:CreativeWork
113 https://doi.org/10.1109/tnet.2008.926503 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061715055
114 rdf:type schema:CreativeWork
115 https://doi.org/10.1109/tpds.2007.1111 schema:sameAs https://app.dimensions.ai/details/publication/pub.1061753138
116 rdf:type schema:CreativeWork
117 https://doi.org/10.1145/1947940.1948047 schema:sameAs https://app.dimensions.ai/details/publication/pub.1045524620
118 rdf:type schema:CreativeWork
119 https://doi.org/10.1145/997150.997156 schema:sameAs https://app.dimensions.ai/details/publication/pub.1020238858
120 rdf:type schema:CreativeWork
121 https://doi.org/10.5121/ijnsa.2011.3213 schema:sameAs https://app.dimensions.ai/details/publication/pub.1072619591
122 rdf:type schema:CreativeWork
123 https://www.grid.ac/institutes/grid.36303.35 schema:alternateName Electronics and Telecommunications Research Institute
124 schema:name Cyber Security-Convergence Research Department, ETRI, 218, Gajeong-no, Yuseong-gu, Daejeon, 305-700, South Korea
125 rdf:type schema:Organization
 




Preview window. Press ESC to close (or click here)


...