| Not much difference between HTTP-GET Flood attack stream and the ordinary flowof connection from the backbone level is difficult to implement HTTP-GET Flood attackdetection, first proposed exception basis server response speed discern server-usingBloom Filterstatistical backbone in a certain period of time, the number of Web serverresponse timeout, timeout highest number of Web server extracts the response as a testobject into highly targeted originally needle in a haystack detection. Secondly, the attackpackets and normal request data is not much difference between the statistics andcharacteristics recognition method is difficult to achieve the purpose of detection, at thesame time in order to distinguish between the servers in the context of mutations flowresponse to an exception because of the the artificial high concentration access or underDDOS attack distinguish abnormal based on the user’s browsing behavior: request databehind action quantify the browser to access the server action split the fine granularity oftime to the continuous timing and statistical various actions in4byte number triggered onthe appropriate timing frequency, because of the the botnet attack actions similaritysignificantly higher than manual browsing behavior, so the selection of aggressivebehavior characteristics of HF browsing behavior each time granularity as an object ofstudy, the use of the different parameters of the background to distinguish betweenaggressive behavior and achieve a variable parameter of the HTTP-Get Flood attackdetection, the use of mathematical methods to analyze time series of abnormal datacharacteristics. Finally, proposed the based authentication mechanism GET-Flood defense,and details the principle and implementation of the algorithm. The experiment showed thatthe detection and prevention methods can play a good exception found and maliciousattacks to intercept the purpose. |
PDF Full Text Request