The exponential growth in Internet usage has been accompanied by a rise in cyber attack incidents. Among the various kinds of attacks, the HTTP GET flooding attack is one of the major threats to Internet services, as it depletes resources and services at the application layer. It is difficult to distinguish legitimate traffic from malicious traffic in log file traces, because the request pattern of the attack resembles that of legitimate clients. The techniques used to detect HTTP GET flooding attacks include pattern analysis, the entropy method and network-based access control mechanisms. These techniques detect the attack with predefined rules derived from traffic patterns and may produce false positives; to overcome this drawback, the rules have to be updated for every new traffic pattern produced by an attack, which increases processing time. To mitigate this issue, the proposed method works from web server logs instead of traffic patterns. It reads the web server logs, extracts the relevant features, uses the analytic hierarchy process (AHP) to predict whether an attack has occurred, and identifies the suspicious sources with the Dempster-Shafer theory of evidence. The experimental results are compared with existing approaches such as the Snort Intrusion Detection System (IDS), page access behaviour, the entropy method and an auto-regressive model, and show that the proposed method (HADM) achieves a high detection rate, reduces false alarms and takes less processing time by using MapReduce.
The exponential growth of Internet usage attracts cyber criminals, who commit crimes and attacks on the network. A forensic investigator reconstructs a crime by determining the series of actions performed by the attacker. A digital forensic investigation can be performed on an isolated hard disk, on RAM images, on log files and so on. It is hard to trace an attack from evidence collected on the network, since the attacker deletes all possible traces; the remaining way to identify the attack is therefore from the access log traces held on the server. Clustering plays a vital role in identifying attack patterns in network traffic. In this paper, the clustering techniques k-means, GA k-means and the Self Organizing Map (SOM) are compared on the task of identifying the sources of an application layer DDoS attack. The methods are evaluated on the web server log files of an Apache server, and the results show that the SOM based method achieves a higher detection rate than k-means and GA k-means with fewer false positives.
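Both abstracts above work from Apache access logs: per-source features are extracted from the log and the sources are then scored to decide which are suspicious. The following Python script is an added illustration of that pipeline and is not code from either paper. It parses combined-format log lines, builds three per-host features (GET rate, repetition of a single path, share of requests without a Referer), turns each feature into a discounted mass function and fuses them with Dempster's rule of combination over the frame {attack, legitimate}, reporting belief and plausibility for the attack hypothesis. The feature set, the reliability weights, the 60 s window, the 2 GET/s saturation point, the belief threshold and the sample log lines are all assumptions made for this example; the papers' own features and evidence mappings are not given on this page.

```python
import re
from collections import defaultdict

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

WINDOW_SECONDS = 60.0  # assumed: the analysed log slice covers a 60 s window
RATE_CAP = 2.0         # assumed: >= 2 GET/s from one host is fully suspicious
# Assumed reliability of each evidence source; 1 - reliability is assigned to ignorance.
RELIABILITY = {"rate": 0.9, "repeat": 0.7, "noref": 0.5}


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def extract_features(lines):
    """Per-host features in [0, 1]: GET rate, repetition of one path, missing-Referer share."""
    stats = defaultdict(lambda: {"gets": 0, "paths": defaultdict(int), "noref": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue  # malformed lines and non-GET requests are ignored here
        s = stats[rec["host"]]
        s["gets"] += 1
        s["paths"][rec["path"]] += 1
        if rec["referer"] in ("", "-"):
            s["noref"] += 1
    features = {}
    for host, s in stats.items():
        n = s["gets"]
        top = max(s["paths"].values())
        features[host] = {
            "rate": min(n / WINDOW_SECONDS / RATE_CAP, 1.0),  # GET rate, saturating at RATE_CAP
            "repeat": (top - 1) / n,                          # repeated hits on the favourite path
            "noref": s["noref"] / n,                          # share of requests with no Referer
        }
    return features


def mass_from_feature(value, reliability):
    """Discounted simple support function on the frame {A (attack), L (legit)}:
    the feature value is split between A and L, the discount goes to the whole frame AL."""
    return {"A": reliability * value, "L": reliability * (1.0 - value), "AL": 1.0 - reliability}


def combine(m1, m2):
    """Dempster's rule of combination for two mass functions over {A, L, AL}."""
    conflict = m1["A"] * m2["L"] + m1["L"] * m2["A"]  # mass on empty intersections
    if conflict >= 1.0:
        raise ValueError("total conflict: evidence cannot be combined")
    norm = 1.0 - conflict
    return {
        "A": (m1["A"] * m2["A"] + m1["A"] * m2["AL"] + m1["AL"] * m2["A"]) / norm,
        "L": (m1["L"] * m2["L"] + m1["L"] * m2["AL"] + m1["AL"] * m2["L"]) / norm,
        "AL": (m1["AL"] * m2["AL"]) / norm,
    }


def score_sources(lines):
    """Return {host: (belief, plausibility)} for the hypothesis 'this host is attacking'."""
    scores = {}
    for host, feats in extract_features(lines).items():
        m = {"A": 0.0, "L": 0.0, "AL": 1.0}  # vacuous belief before any evidence is seen
        for name, value in feats.items():
            m = combine(m, mass_from_feature(value, RELIABILITY[name]))
        scores[host] = (m["A"], m["A"] + m["AL"])  # Bel(A), Pl(A) = Bel(A) + m(AL)
    return scores


def suspicious_sources(lines, belief_threshold=0.7):
    """Hosts whose belief in the attack hypothesis reaches the (assumed) threshold."""
    return sorted(h for h, (bel, _) in score_sources(lines).items() if bel >= belief_threshold)


def sample_log():
    """Constructed 60 s log slice: one flooder at 3 GET/s on /index.php, two normal browsers."""
    fmt = ('{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 {size} '
           '"{ref}" "{ua}"')
    lines = [fmt.format(ip="203.0.113.7", sec=i // 3, path="/index.php", size=512,
                        ref="-", ua="python-requests/2.31") for i in range(180)]
    browsing = [("/", "-"), ("/about.html", "http://example.org/"),
                ("/css/site.css", "http://example.org/about.html"),
                ("/img/logo.png", "http://example.org/about.html")]
    lines += [fmt.format(ip="198.51.100.5", sec=5 * i, path=p, size=2048, ref=r, ua="Mozilla/5.0")
              for i, (p, r) in enumerate(browsing)]
    lines.append(fmt.format(ip="192.0.2.9", sec=30, path="/contact.html", size=1024,
                            ref="http://example.org/", ua="Mozilla/5.0"))
    return lines


if __name__ == "__main__":
    for host, (bel, pl) in sorted(score_sources(sample_log()).items()):
        print(f"{host:15s} Bel(attack)={bel:.3f} Pl(attack)={pl:.3f}")
    print("suspicious:", suspicious_sources(sample_log()))
```

On the constructed slice the flooder ends with a belief in the attack hypothesis above 0.95 while both browsing clients stay below 0.05, so only 203.0.113.7 crosses the threshold. The point of the Dempster-Shafer step is that the weak, individually noisy features (a missing Referer is common on first page loads, hence its low reliability) are fused without any of them being able to force a verdict on its own; the gap between belief and plausibility shows how much of the decision is still unsupported by evidence.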