Professional Documents
Culture Documents
Abstract-In this paper a method for detecting Denial-ofService attacks in Web sites is presented. The detection of
Web attacks are distinguished from normal user patterns by
inserting decoy hyperlinks into some key pages in the Website. Typical types of decoy hyperlinks are described and
experimental results derived from real Web-sites gives the
extremely low false positive rate of 0.0421%. A method for
selecting an effective and minimal number of decoy
hyperlinks and pages is also presented and evaluated in real
and simulated data.
Keywords: Denial of Service, HTTP Flood, Graphs, decoy
hyperlinks
I.
INTRODUCTION
1.
u1 V
(u , u1 )
d (u , u )
= arg min{
| u V } , (B)
d (u , u )
u1 V
u1 V u 2 V
(1)
IV.
| u V } , (A)
Vbest
(2)
(3)
where dG(u) is the degree of the vertex u, and |V| the order
of the graph.
Taking into account the experimental results, the
selection function C is used in the proposed Web-page
selection algorithm as follows.
1. Initialization. Set
Dv:={},
Rv:=V,
Dv:=Dv U VBest
Rv := Rv - VBest.
3. Termination criterion. If the number of selected
vertices exceeds a pre-define threshold, the algorithm
terminates, otherwise steps 2 and 3 are repeated.
3.
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
Jonathan
A.
Zdziarski,
mod_evasive,
http://www.
nuclearelephant. com/ projects/mod_evasive/.
Mukund Deshpande and George Karypis, Selective Markov for
Predicting Web-Page Accesses, Technical Report #00-056,
University of Minessota, 2000.
Acharyya Sreangsu, Ghosh Joydeep, Context-Sensitive Modeling
of Web-Surfing Behaviour using Concept Trees, in Proceedings of
the 5th WEBKDD Workshop, Washington, 2003.
Alexander Ypma and Tom Heskes, Automatic Categorization of
Web Pages and User Clustering with Mixtures of Hidden Markov
Models, in Proccedings in the 4th WEBKDD Workshop, Canada,
2002.
Weinan Wang and Osmar R. Zaiane, Clustering Web Sessions by
Sequence Alignment, in Proceedings of DEXA Workshops, 2002,
pp. 394-398.
William G. Morein, Angelos Stavrou, Debra L Cook, Angelos
Keromytis, Vishal Misra, Dan Rubnstein, Using Graphic Turing
Tests To Counter Automated DdoS Attacks Against Web Servers,
Proceedings of the 10th ACM International Conference on
Computers & Communications Security, Washington 2003.
D.L. Cook, W.G. Morein, A.D. Keromytis, V. Misra, D.
Rubenstein, WebSOS: protecting web servers from DDoS
attacks, Proceedings of the 11th IEEE International Conference on
Networks (ICON), 2003, pp. 455-460.
Srikanth Kandula and Dina Katabi and Matthias Jacob and Arthur
W. Berger, Botz-4-Sale: Surviving Organized DDoS Attacks That
Mimic Flash Crowds, 2nd Symposium on Networked Systems
Design and Implementation, Boston, 2005
K.
Poulsen,
FBI
Busts
Alleged
DDoS
Mafia,
http://www.securityfocus.com/news/9411/