Framework for detecting DoS/DDoS Attacks against Web servers

Date

2016

Publisher

FACULTE DES MATHEMATIQUES ET DE L’INFORMATIQUE - UNIVERSITE MOHAMED BOUDIAF - M’SILA

Abstract

Recently, many prominent web sites have faced so-called Denial of Service (DoS) attacks. These attacks occur when an attacker attempts to make the web server, or servers, unavailable to serve the web sites they host to legitimate visitors. Despite many researchers' efforts, no optimal solution that addresses all sorts of DoS/DDoS attacks is on offer. Therefore, our framework aims to propose an alternative solution which handles all aspects of HTTP- and TCP-based DDoS attacks through the following three successive framework layers:

- Firstly, an outer detector blocks the attacking source IP if it is listed on the blacklist.
- Secondly, the IP spoofed detector validates the source of incoming requests.
- Thirdly, two classifier modules are proposed to detect HTTP/TCP DDoS attacks. For these modules we:
  o Select the relevant features of the HTTP protocol to calculate a new set of features, to classify the HTTP traffic as normal or DoS attack.
  o Select the relevant features of the TCP protocol to calculate a new set of features, to classify the TCP traffic as normal or DoS attac

Keywords

Denial of service attack (DoS) detection, Web server attack, Intrusion detection system, Decision tree, IP spoofed detection.
