LOW-SPEED HTTP DDOS ATTACK PREVENTION MODEL FOR END USERS
DOI: https://doi.org/10.28925/2663-4023.2024.26.695
Keywords: DDoS attacks; traffic; behavioral analysis; machine learning; adaptive defense; anomaly detection.
Abstract
Slow HTTP DDoS attacks pose a serious threat to information systems and web services because they use sophisticated techniques to exhaust server resources. These attacks specifically target compute resource exhaustion, request throughput, or connection management at the application layer [1]. Modeling such attacks requires a special approach to analyzing traffic behavior and request characteristics, so that anomalies can be detected even with minimal network activity [2], [15]. The main difficulty with such attacks is that they are hard to recognize because they closely resemble legitimate traffic. It is therefore necessary to develop intelligent systems that can analyze the complex interaction patterns between clients and servers. The proposed model is based on a comprehensive analysis of network activity using a layered threat detection system. The model uses machine learning algorithms that adapt to changing attack characteristics and improve the accuracy of detecting subtle anomalies in traffic [3], [13]. This minimizes the number of false positives and allows the system to respond quickly to changes in the attack vector. Simulation results demonstrate the effectiveness of the proposed approach: it can respond to an attack before the system has exhausted its resources. A distinguishing feature of this model is its ability to detect early threats with low traffic intensity that do not impose a significant load on network equipment [4]. Such threats nevertheless always consume computing power and thus have a devastating impact on services. A particular advantage of this approach is that it can be integrated with existing SIEM systems, allowing more comprehensive real-time monitoring of network activity. It also opens prospects for building distributed cyber defense systems operating in multi-domain networks with high traffic intensity.
The proposed model provides high data processing performance through optimization of the classification algorithm and its parallel implementation. The proposed model can be integrated into various cybersecurity systems without significant impact on network performance [5], [6], [14]. The model is promising in the direction of automatic detection of new types of attacks, integration with existing SIEM systems, and faster processing of large amounts of traffic. Furthermore, the versatility of the packet group analysis mechanism allows its extension to other types of DDoS attacks based on the use of low-intensity traffic. This makes it suitable for protecting not only web applications but also other network services such as IoT platforms and cloud infrastructures. The proposed approach provides a basis for the development of intelligent defense systems against DDoS attacks. Its efficiency and adaptability will expand the capabilities of cyber defense systems, increase the resilience of information systems against modern threats, and minimize the negative impact on critical services.
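The abstract describes detecting slow HTTP attacks from traffic behavior and request characteristics while the server's resources are still available. The following is an added illustration, not the paper's model or code: a simple heuristic over a snapshot of open connections that flags sources holding many long-lived, low-throughput, unfinished requests and reports how much of the worker pool they occupy. The `Conn` record, the thresholds (`SLOW_AGE_S`, `SLOW_RATE_BPS`, `MIN_CONNS`, `POOL_ALERT_FRACTION`) and the sample addresses are constructed assumptions.

```python
"""Heuristic early-warning check for slow HTTP request patterns.

Added example (not from the paper). It works on a snapshot of the
server's open connections, the kind of data an access log or a
connection-status endpoint would provide, and is meant to show the
per-source behavioral features the abstract refers to.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    src: str         # client address
    age_s: float     # seconds since the connection was accepted
    bytes_in: int    # request bytes received so far
    complete: bool   # True once a full HTTP request has arrived


# Constructed thresholds for a small worker pool; tune to the service.
SLOW_AGE_S = 30.0          # an ordinary request finishes well before this
SLOW_RATE_BPS = 20.0       # bytes/s; trickled headers are in the single digits
MIN_CONNS = 5              # ignore sources with fewer slow connections
POOL_ALERT_FRACTION = 0.5  # warn when half the pool is tied up by slow requests


def is_slow(c):
    """An unfinished, long-lived request arriving at a trickle."""
    rate = c.bytes_in / max(c.age_s, 1e-6)
    return (not c.complete) and c.age_s >= SLOW_AGE_S and rate <= SLOW_RATE_BPS


def per_source_features(conns):
    """Behavioral features per client for connections whose request is incomplete."""
    groups = defaultdict(list)
    for c in conns:
        if not c.complete:
            groups[c.src].append(c)
    feats = {}
    for src, cs in groups.items():
        n = len(cs)
        feats[src] = {
            "incomplete": n,
            "slow": sum(1 for c in cs if is_slow(c)),
            "mean_age_s": sum(c.age_s for c in cs) / n,
            "mean_rate_bps": sum(c.bytes_in / max(c.age_s, 1e-6) for c in cs) / n,
        }
    return feats


def slow_http_suspects(conns):
    """Sources holding at least MIN_CONNS slow connections at once."""
    feats = per_source_features(conns)
    return sorted(src for src, f in feats.items() if f["slow"] >= MIN_CONNS)


def pool_pressure(conns, pool_size):
    """Fraction of the worker pool occupied by slow requests."""
    return sum(1 for c in conns if is_slow(c)) / pool_size


def assess(conns, pool_size):
    """Combine the two signals into one early-warning verdict."""
    pressure = pool_pressure(conns, pool_size)
    return {
        "suspects": slow_http_suspects(conns),
        "pool_pressure": round(pressure, 2),
        "early_warning": pressure >= POOL_ALERT_FRACTION,
    }


# Constructed snapshot: one client trickling headers on eight connections,
# one normal browser, and one legitimate large upload still in progress.
SAMPLE = (
    [Conn("198.51.100.7", 120.0 + i, 300 + i * 8, False) for i in range(8)]
    + [Conn("203.0.113.5", 0.4, 620, True), Conn("203.0.113.5", 1.1, 580, True)]
    + [Conn("192.0.2.9", 45.0, 900_000, False)]
)

if __name__ == "__main__":
    print(assess(SAMPLE, pool_size=16))
```

The upload from 192.0.2.9 is incomplete and old but arrives at tens of kilobytes per second, so the rate test keeps it out of the slow count; the combined verdict fires on pool occupancy, which is the resource actually being exhausted, rather than on request volume.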
References
Mirkovic, J., & Reiher, P. (2004). A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review, 34(2), 39–53.
Beitollahi, H., & Deconinck, G. (2012). Analyzing low-rate DoS attacks against application servers. Computers & Security, 31(8), 847–860.
Yu, S., Zhou, W., & Doss, R. (2013). Information theory based detection against network behavior mimicking DDoS attacks. IEEE Communications Letters, 17(5), 1052–1055.
Douligeris, C., & Mitrokotsa, A. (2004). DDoS attacks and defense mechanisms: classification and state-of-the-art. Computer Networks, 44(5), 643–666.
Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys & Tutorials, 15(4), 2046–2069.
Kolodchak, О. М. (2012). Modern methods of anomaly detection in intrusion detection systems. Bulletin of Lviv Polytechnic National University. Computer systems and networks, 745, 98–104.
Karig, D., & Lee, R. (2001). Remote Denial of Service Attacks and Countermeasures. Princeton University Department of Electrical Engineering Technical Report CE-L2001-002.
DoS attack taxonomy proposed by A. Fadlallah (Fadlallah and Serhrouchmi 2005).
Mirkovic, J., Dietrich, S., Dittrich, D., & Reiher, P. (2005). Internet Denial of Service: Attack and Defense Mechanisms. New Jersey: Prentice Hall.
Douligeris, C., & Mitrokotsa, A. (2004). DDoS attacks and defense mechanisms: classification and state-of-the-art. Computer Networks, 4(2004), 643–666.
Specht, S. M., & Lee, R. B. (2004). Distributed Denial of Service: Taxonomy of Attacks, Tools and Countermeasures. 17th International Conference on Parallel and Distributed Computing Systems, 543–550.
Asosheh, A., & Ramezani, N. (2008). A comprehensive taxonomy of DDoS attacks and defense mechanism applying in a smart classification. WSEAS Transactions on Communications, 7(4), 281–290.
Yevseiev, S., Melenti, Y., Voitko, O., Hrebeniuk, V., Korchenko, A., Mykus, S., Milov, O., Prokopenko, O., Sievierinov, О., & Chopenko, D. (2021). Development of a concept for building a critical infrastructure facilities security system. Eastern-European Journal of Enterprise Technologies, 3(9(111)), 63–83. http://dx.doi.org/10.15587/1729-4061.2021.233533
Wang, H., Zhang, D., & Shin, K. G. (2002). Detecting SYN flooding attacks. IEEE INFOCOM, 3, 1530–1539.
Chen, Y., Hwang, K., & Ku, W. (2007). Collaborative detection of DDoS attacks over multiple network domains. IEEE Transactions on Parallel and Distributed Systems, 18(12), 1649–1662.
Gu, Y., & Lu, J. (2011). An efficient algorithm for DDoS attack detection based on entropy analysis. Journal of Networks, 6(6), 1033–1040.
License
Copyright (c) 2024 Петро Поночовний
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.