Review of Recent Detection Methods for HTTP DDoS Attack

Jaafar, Abdul Ghafar; Abdullah, Shahidan M.; Ismail, Saiful Adli

doi:10.1155/2019/1283472

Cited by 78 publications

(45 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…On the other hand, the HTTP POST processes input data through Forms GUI interface that requires more computation from the server. Therefore, the HTTP POST-DDoS attacks are more dangerous than the GET-DDoS attacks [28]. • XML-based DoS attacks: the majority of information technology workers and specialists in the field of cloud computing agree that security is the main concern for SOA (service-oriented architecture) and XML messages.…”

Section: Application Layer-based Attacksmentioning

confidence: 99%

A New Cybersecurity Approach for Protecting Cloud Services against DDoS Attacks

El-Sofany¹

2020

IJIES

View full text Add to dashboard Cite

Cybersecurity of cloud services is extremely important, especially when developing web services and cloud apps. Cloud computing depends on internet connections; therefore, the security of its services is constantly under attack. Distributed Denial of Service (DDoS) attacks are a malicious attempt to damage the normal traffic of the targeted cloud by flooding it with internet traffic. As a result, this causes a serious problem for cloud computing security. The objectives of this paper are, to introduce a new cybersecurity approach for protecting cloud services against all types of DDoS attacks, to evaluate the performance and effectiveness of the proposed algorithm, and to use the contribution of correlation coefficient analysis for validating the effectiveness of the proposed approach by identifying the relationship between malicious and legitimate traffic. The researcher evaluated the performance of the proposed approach in terms of accuracy, sensitivity, and specificity. The feedback of the experiments was highly promising for protecting cloud services against DDoS Attacks. The experiments showed encouraging results for preventing DDoS attacks, with an average performance of 95.41%, an average accuracy of 96.53%, an average sensitivity of 92.31%, and an average specificity of 97.39%.

show abstract

Section: Application Layer-based Attacksmentioning

confidence: 99%

A New Cybersecurity Approach for Protecting Cloud Services against DDoS Attacks

El-Sofany¹

2020

IJIES

View full text Add to dashboard Cite

show abstract

“…Jaafar et al 11 presented a new detection mechanism for APDDoS attack detection based on different criteria such as attach strategy, performance metrics, and data corpus. Zeebaree et al 15 conducted a comprehensive study on the APDDoS attack detection mechanism based on approaches and data.…”

Section: Research Findings Current Issues and Comparison With Othermentioning

confidence: 99%

“…This complexity has caused an extra challenge to the security of a web server. A few numbers of review papers in the context of APDDoS attack and detection have been presented before 11–15 . This review paper is different from the existing papers in several aspects: (1) APDDoS attack detection mechanisms are categorized based on approaches and methods where each category has its peculiar advantages and disadvantages.…”

Section: Introductionmentioning

confidence: 99%

A survey and meta‐analysis of application‐layer distributed denial‐of‐service attack

Odusami

Misra

Abayomi‐Alli

et al. 2020

Int J Communication

View full text Add to dashboard Cite

SummaryBackgroundOne of the significant attacks targeting the application layer is the distributed denial‐of‐service (DDoS) attack. It degrades the performance of the server by usurping its resources completely, thereby denying access to legitimate users and causing losses to businesses and organizations.AimThis study aims to investigate existing methodologies for application‐layer DDoS (APDDoS) attack defense by using specific measures: detection methods/techniques, attack strategy, and feature exploration of existing APDDoS mechanisms.MethodologyThe review is carried out on a database search of relevant literature in IEEE Xplore, ACM, Science Direct, Springer, Wiley, and Google Search. The search dates to capture journals and conferences are from 2000 to 2019. Review papers that are not in English and not addressing the APDDoS attack are excluded. Three thousand seven hundred eighty‐nine studies are identified and streamlined to a total of 75 studies. A quantifiable assessment is performed on the selected articles using six search procedures, namely: source, methods/technique, attack strategy, datasets/corpus, status, detection metric, and feature exploration.ResultsBased on existing methods/techniques for detection, the results show that machine learning gave the highest proportion with 36%. However, assessment based on attack strategy shows that several studies do not consider an attack form for deploying their solution. Result based on existing features for the APDDoS detection technique shows request stream during a user session and packet pattern gave the highest result with 47%. Unlike packet header information with 33%, request stream during absolute time interval with 12% and web user features 8%.ConclusionResearch findings show that a large proportion of the solutions for APDDoS attack detection utilized features based on request stream during user session and packet pattern. The optimization of features will improve detection accuracy. Our study concludes that researchers need to exploit all attack strategies using deep learning algorithms, thus enhancing effective detection of APDDoS attack launch from different botnets.

show abstract

“…Jafaar, et al, viewed 12 recent detection of DDoS attack at the application layer published between January 2014 and December 2018 [15]. Alomari, et al, present a comprehensive study to show the danger of Botnet-based DDoS attacks on application layer, especially on the web server and the increased incidents of such attacks that has evidently increased recently [16].…”

Section: Introductionmentioning

confidence: 99%

TCP SYN Flood (DoS) Attack Prevention Using SPI Method on CSF: A PoC

Pratama

2020

Bulletin of Comp. Sci. & Electr. Eng.

View full text Add to dashboard Cite

TCP SYN Flood as one kind of Denial of Service (DoS) attack, still popular to flood the server connection, by sending SYN packets to the target. Because of the risk caused by this attack, there is a need for a network security mechanism. In this paper, one of the security mechanisms proposed is using Stateful Packet Inspection (SPI) method on Configserver Security and Firewall (CSF). By using SPI method, CSF has capabilities to responsible for separating packets of data, that may be entered with data packets that should not be entered into the server. For example: port to be opened, port closed, and IP Address that may access the server for anywhere. This paper combines both of CSF and SPI method to prevent TCP SYN Flood (DoS) with Proof of Concept (PoC) at the Linux operating system. The security process is done in 3 ways: configuring a maximum connection from an IP Address to a server, securing an incoming SYN packet per second, and counting how many times an IP Address violates the minimum SYN packet rule per second before being blocked by a firewall.

show abstract

Review of Recent Detection Methods for HTTP DDoS Attack

Cited by 78 publications

References 43 publications

A New Cybersecurity Approach for Protecting Cloud Services against DDoS Attacks

A New Cybersecurity Approach for Protecting Cloud Services against DDoS Attacks

A survey and meta‐analysis of application‐layer distributed denial‐of‐service attack

TCP SYN Flood (DoS) Attack Prevention Using SPI Method on CSF: A PoC

Contact Info

Product

Resources

About