Abstract
With the significant growth of botnets, application layer DDoS attacks are much easier to launch using large botnet, and false negative is always a problem for intrusion detection systems in real practice. In this paper, we propose a novel application layer DDoS attack tool, which mimics human browsing behavior following three statistical distributions, the Zipf-like distribution for web page popularity, the Pareto distribution for page request time interval for an individual browser, and the inverse Gaussian distribution for length of browsing path. A Markov model is established for individual bot to generate attack request traffic. Our experiments indicated that the attack traffic that generated by the proposed tool is pretty similar to the real traffic. As a result, the current statistics based detection algorithms will result high false negative rate in general. In order to counter this kind of attacks, we discussed a few preliminary solutions at the end of this paper.
Original language | English |
---|---|
Title of host publication | 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011 |
Pages | 947-951 |
Number of pages | 5 |
DOIs | |
Publication status | Published - 26 Jul 2011 |
Externally published | Yes |
Event | 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011 - Shanghai, China Duration: 10 Apr 2011 → 15 Apr 2011 |
Conference
Conference | 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011 |
---|---|
Country/Territory | China |
City | Shanghai |
Period | 10/04/11 → 15/04/11 |
Keywords
- attack simulation
- botnet
- browsing behavior
ASJC Scopus subject areas
- Computer Networks and Communications
- Communication