Optimal thresholds of algorithm and expansion of Application-layer attack detection block ALAB in ALADDIN (ALADDIN의 어플리케이션 계층 공격 탐지 블록 ALAB 알고리즘의 최적 임계값 도출 및 알고리즘 확장)

  • Yoo, Seung-Yeop; Park, Dong-Gue; Oh, Jin-Tae; Jeon, In-Ho
    • The KIPS Transactions:PartC, v.18C no.3, pp.127-134, 2011
  • Malicious botnets have been used for more malicious activities, such as DDoS attacks, sending spam messages, and stealing personal information. Many studies have been carried out to prevent this, but malicious botnets have evolved and evaded detection systems. In particular, the HTTP GET Request attack, which exploits a vulnerability of the application layer, is used. ALAB of ALADDIN, proposed by ETRI, is a DDoS attack detection system to which an HTTP GET and Incomplete GET request flooding attack detection algorithm is applied. In this paper, we extend the Incomplete GET detection algorithm of ALAB and derive the optimal configuration parameters, verifying the validity of the ALAB algorithm through a study of normal and attack packets.

A Novel Application-Layer DDoS Attack Detection Algorithm based on Client Intention (사용자 의도 기반 응용계층 DDoS 공격 탐지 알고리즘)

  • Oh, Jin-Tae; Park, Dong-Gue; Jang, Jong-Soo; Ryou, Jea-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology, v.21 no.1, pp.39-52, 2011
  • An application-layer attack can effectively achieve its objective with a small amount of traffic, and detection is difficult because the traffic type is very similar to that of legitimate users. We have discovered a unique characteristic that is produced by a difference in client intention: Both a legitimate user and DDoS attacker establish a session through a 3-way handshake over the TCP/IP layer. After a connection is established, they request at least one HTTP service by a Get request packet. The legitimate HTTP user waits for the server's response. However, an attacker tries to terminate the existing session right after the Get request. These different actions can be interpreted as a difference in client intention. In this paper, we propose a detection algorithm for application layer DDoS attacks based on this difference. The proposed algorithm was simulated using traffic dump files that were taken from normal user networks and Botnet-based attack tools. The test results showed that the algorithm can detect an HTTP-Get flooding attack with almost zero false alarms.

HTTP based remote monitoring and control system using JAVA (HTTP 기반의 자바를 이용한 원격 감시 및 제어 시스템)

  • Yi Kyoung-Woong; Choi Han-Soo
    • Journal of Institute of Control, Robotics and Systems, v.10 no.9, pp.847-854, 2004
  • In this paper, we study how to control and monitor the state of a remote system using HTTP (Hyper Text Transfer Protocol) object communication. The remote control system is controlled using a web browser or an application program. The system is organized into three parts by functionality: a server part, a client part, and a controller part. Java technology is used to build the server part and the client part, and the C language is used for the controller. The server part waits for a request from the client part; when a request arrives, the server part saves the client data to the database and sends a command set to the client part. The administrator can control the remote system using just a web browser. The remote part is driven by a timer that is activated every 1 second. It gets the measurement data from the controller part, then sends a request to the server part and gets a command set from the command repository of the server part using the client ID. After interpreting the command set, the client part transfers the command set to the controller part. The controller part can be activated by the client part. If a send command is transmitted by the client part, it sends sensor monitoring data to the client part; if a command set is transmitted, it sets the value of the controlled system.