Browsing behavior mimicking attacks on popular web sites for large botnets

Shui Yu; Guofeng Zhao; Song Guo; Xiang Yang; Athanasios V. Vasilakos

doi:10.1109/INFCOMW.2011.5928949

Browsing behavior mimicking attacks on popular web sites for large botnets

Shui Yu, Guofeng Zhao, Song Guo, Xiang Yang, Athanasios V. Vasilakos

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

7 Citations (Scopus)

Abstract

With the significant growth of botnets, application layer DDoS attacks are much easier to launch using large botnet, and false negative is always a problem for intrusion detection systems in real practice. In this paper, we propose a novel application layer DDoS attack tool, which mimics human browsing behavior following three statistical distributions, the Zipf-like distribution for web page popularity, the Pareto distribution for page request time interval for an individual browser, and the inverse Gaussian distribution for length of browsing path. A Markov model is established for individual bot to generate attack request traffic. Our experiments indicated that the attack traffic that generated by the proposed tool is pretty similar to the real traffic. As a result, the current statistics based detection algorithms will result high false negative rate in general. In order to counter this kind of attacks, we discussed a few preliminary solutions at the end of this paper.

Original language	English
Title of host publication	2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011
Pages	947-951
Number of pages	5
DOIs	https://doi.org/10.1109/INFCOMW.2011.5928949
Publication status	Published - 26 Jul 2011
Externally published	Yes
Event	2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011 - Shanghai, China Duration: 10 Apr 2011 → 15 Apr 2011

Conference

Conference	2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011
Country/Territory	China
City	Shanghai
Period	10/04/11 → 15/04/11

Keywords

attack simulation
botnet
browsing behavior

ASJC Scopus subject areas

Computer Networks and Communications
Communication

More information

10.1109/INFCOMW.2011.5928949

Cite this

@inproceedings{812283e575244e53ade68816075e4f4f,

title = "Browsing behavior mimicking attacks on popular web sites for large botnets",

abstract = "With the significant growth of botnets, application layer DDoS attacks are much easier to launch using large botnet, and false negative is always a problem for intrusion detection systems in real practice. In this paper, we propose a novel application layer DDoS attack tool, which mimics human browsing behavior following three statistical distributions, the Zipf-like distribution for web page popularity, the Pareto distribution for page request time interval for an individual browser, and the inverse Gaussian distribution for length of browsing path. A Markov model is established for individual bot to generate attack request traffic. Our experiments indicated that the attack traffic that generated by the proposed tool is pretty similar to the real traffic. As a result, the current statistics based detection algorithms will result high false negative rate in general. In order to counter this kind of attacks, we discussed a few preliminary solutions at the end of this paper.",

keywords = "attack simulation, botnet, browsing behavior",

author = "Shui Yu and Guofeng Zhao and Song Guo and Xiang Yang and Vasilakos, {Athanasios V.}",

year = "2011",

month = jul,

day = "26",

doi = "10.1109/INFCOMW.2011.5928949",

language = "English",

isbn = "9781457702488",

pages = "947--951",

booktitle = "2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011",

note = "2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011 ; Conference date: 10-04-2011 Through 15-04-2011",

}

Yu, S, Zhao, G, Guo, S, Yang, X & Vasilakos, AV 2011, Browsing behavior mimicking attacks on popular web sites for large botnets. in 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011., 5928949, pp. 947-951, 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011, Shanghai, China, 10/04/11. https://doi.org/10.1109/INFCOMW.2011.5928949

Browsing behavior mimicking attacks on popular web sites for large botnets. / Yu, Shui; Zhao, Guofeng; Guo, Song et al.

2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011. 2011. p. 947-951 5928949.

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - Browsing behavior mimicking attacks on popular web sites for large botnets

AU - Yu, Shui

AU - Zhao, Guofeng

AU - Guo, Song

AU - Yang, Xiang

AU - Vasilakos, Athanasios V.

PY - 2011/7/26

Y1 - 2011/7/26

N2 - With the significant growth of botnets, application layer DDoS attacks are much easier to launch using large botnet, and false negative is always a problem for intrusion detection systems in real practice. In this paper, we propose a novel application layer DDoS attack tool, which mimics human browsing behavior following three statistical distributions, the Zipf-like distribution for web page popularity, the Pareto distribution for page request time interval for an individual browser, and the inverse Gaussian distribution for length of browsing path. A Markov model is established for individual bot to generate attack request traffic. Our experiments indicated that the attack traffic that generated by the proposed tool is pretty similar to the real traffic. As a result, the current statistics based detection algorithms will result high false negative rate in general. In order to counter this kind of attacks, we discussed a few preliminary solutions at the end of this paper.

AB - With the significant growth of botnets, application layer DDoS attacks are much easier to launch using large botnet, and false negative is always a problem for intrusion detection systems in real practice. In this paper, we propose a novel application layer DDoS attack tool, which mimics human browsing behavior following three statistical distributions, the Zipf-like distribution for web page popularity, the Pareto distribution for page request time interval for an individual browser, and the inverse Gaussian distribution for length of browsing path. A Markov model is established for individual bot to generate attack request traffic. Our experiments indicated that the attack traffic that generated by the proposed tool is pretty similar to the real traffic. As a result, the current statistics based detection algorithms will result high false negative rate in general. In order to counter this kind of attacks, we discussed a few preliminary solutions at the end of this paper.

KW - attack simulation

KW - botnet

KW - browsing behavior

UR - http://www.scopus.com/inward/record.url?scp=79960618060&partnerID=8YFLogxK

U2 - 10.1109/INFCOMW.2011.5928949

DO - 10.1109/INFCOMW.2011.5928949

M3 - Conference article published in proceeding or book

SN - 9781457702488

SP - 947

EP - 951

BT - 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011

T2 - 2011 IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2011

Y2 - 10 April 2011 through 15 April 2011

ER -

Browsing behavior mimicking attacks on popular web sites for large botnets

Abstract

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this