Summary: | A web application utilizes Hypertext Transfer Protocol (HTTP) to surf client requests. This protocol is used widely, especially in business areas such as in online transactions and websites, including in government websites. A client delivers information to a server carried by a client web browser. An HTTP distributed denial of service (DDoS) attack occurs when the attacker is able to mimic client information, which makes a DDoS attack at the application layer difficult to distinguish as the traffic pattern is similar to a genuine request. Furthermore, it is not compulsory for the client to present the GET headers component to a web server during the GET request transaction. Existing detection of HTTP DDoS attacks still faces challenges in differentiating between authentic and bogus GET requests in real time. In this paper, a fast algorithm (FARGO) method to detect HTTP DDoS attacks is introduced. FARGO consists of three detection algorithms to recognize HTTP DDoS categories as request flooding attacks. The assessment of the proposed detection system was conducted in real experimental conditions with real attack scripts. The proposed detection method provided expected outcomes with improvements of 11.30% for true positive rates and 8.9% for false-positive rates.
|