A new method to reduce the effects of HTTP-Get Flood attack

HTTP Get Flood attack is known as the most common DDOS attack on the application layer with a frequency of 21 percent in all attacks. Since a huge amount of requests is sent to the Web Server for receiving pages and also the volume of responses issued by the server is much more than the volume received by zombies in this kind of attack, hence it could be done by small botnets; in the other hand, because every zombie attempts to issue the request by the use of its real address, carries out all stages of the three-stage handshakes, and the context of the requests is fully consistent with the HTTP protocol, the techniques of fake address detection and anomaly detection in text could not be employed. The mechanisms that are used to deal with this attack not only have much processing overload but also may cause two kinds of “False Negative” (To realize wrongly the fake traffic as the real traffic) and “False Positive” (To realize wrongly the real traffic as the fake traffic) errors. Therefore a method is proposed that is able to adapt itself to the traffic by the use of low processing overload and it has less error than the similar systems and using this way.