Article code: 448871
Journal code: 693609
Publication year: 2013
English article: 13-page PDF
Full-text version: Free download
English title of the ISI article
Detecting latent attack behavior from aggregated Web traffic
Related topics
Engineering and Basic Sciences, Computer Engineering, Computer Networks and Communications
English abstract

The indirect attack mode has been a serious threat to server security due to its covert nature. This paper focuses on a new application-layer indirect attack which exploits the communication mechanism of proxy servers to attack the targets. Such attacks are not easy for most existing defense systems to discover, since malicious traffic hides in the aggregated traffic. Moreover, the sources of the attack traffic and normal traffic are indistinguishable, because both of them share the same IP of the last proxy server. In this paper a novel server-side defense scheme is proposed to resist such covert indirect attacks. An improved semi-Markov model is proposed to describe the dynamic behavior process of aggregated traffic. The model includes two stochastic processes. The observable process represents the changes in the appearance features of the observed traffic, while the unobservable process is a semi-Markov chain which represents the underlying time-varying patterns used to generate the outgoing traffic by a proxy server. An algorithm is proposed to estimate the model parameters. An objective function is defined to evaluate the normality of a proxy server’s access behavior. Numerical results based on real traffic demonstrate the performance of the proposed method.

Publisher
Database: Elsevier - ScienceDirect
Journal: Computer Communications - Volume 36, Issue 8, 1 May 2013, Pages 895–907
Authors
, , , , ,