Modeling of HTTP Request with Regular Expression for Slow HTTP DoS Attack Detection

Main Article Content

nfn Ramlan
Avinanta Tarigan

Abstract

The availability of Web Service is the most important thing to be guaranteed, but there are many threats to the Web Service particularly from the internet, one of the famous methods is Slow HTTP DoS Attack. There are many research projects about this topic before, but there is always the possibility to increase the accuracy rate and minimizing the False Positive Rate and should be considered to use it at the small and medium scale of network infrastructure. In this research, another IDS method was used to find a better result for Slow HTTP DoS Attack detection through modeling HTTP Request based on Regular Expression. Detection patterns made from HTTP Request Traffic of some popular Web Browsers then looked for the similarity of the HTTP Request Traffic using Needleman Wunsch algorithm. This pattern was negated at the important part of HTTP Request headers, then converted to Regular Expression. New Pattern in Regular Expression was inserted to the L7-Filter that part of Netfilter. This method has been proved to detect Slow HTTP DoS Attack with 100% accuracy and False Positive Rate 0%.

Dimensions

Article Details

How to Cite
Ramlan, nfn, & Tarigan, A. (2019). Modeling of HTTP Request with Regular Expression for Slow HTTP DoS Attack Detection. Jurnal Pekommas, 4(1), 31–42. https://doi.org/10.30818/jpkm.2019.2040104
Section
Informatics
Author Biography

nfn Ramlan, Universitas AMIKOM Yogyakarta

Dinas Kominfo Pemerintah Kota Palopo

Pangkat : Penata TK. I / III/d

Jabatan : Kasi Pengembangan Sistem TI

References

Akbar, S., Endroyono, Wibawa, A. D. (2016). The impact analysis and mitigation of DDoS attack on local government electronic procurement service (LPSE). Intelligent Technology and Its Applications (ISITIA), 2016 International Seminar on (pp. 405-410).

Bansal, A., & Kaur, S. (2018). Extreme Gradient Boosting Based Tuning for Classification in Intrusion Detection Systems. In International Conference on Advances in Computing and Data Sciences, (pp. 372-380).

Cambiaso, E., Papaleo, G., Chiola, G., & Aiello, M. (2013). Slow DoS attacks: definition and categorization. International Journal of Trust Management in Computing and Communications, Vol.1(3-4), 300-319.

Cambiaso, E., Papaleo, G., Chiola, G., & Aiello, M. (2016). A Network Traffic Representation Model for Detecting Application Layer Attacks. International Journal of Computing and Digital System 5, No.1.

Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., & Berners-Lee, T. (1999). Hypertext transfer protocol--HTTP/1.1 (No. RFC 2616).

Friedl, J.E.F. (1997). Mastering Regular Expressions: Powerful Techniques for Perl and Other Tools. O'Reilly & Associates.

Gangwar, A., Sahu, S. (2014). A survey on anomaly and signature based intrusion detection system (IDS). International Journal of Engineering Research and Applications ISSN : 2248-9622, Vol. 4, Issue 4 (Version 1), April 2014, pp.67-72.

Gheorghe, L. (2006). Designing and Implementing Linux Firewalls and QoS using netfilter, iproute2, NAT, and L7-filter. Packt Publishing Ltd.

Giralte, L. C., Conde, C., De Diego, I. M., & Cabello, E. (2013). Detecting denial of service by modelling web-server behaviour. Computers & Electrical Engineering, 39(7), 2252-2262.

Gourley, D., Totty, B. (2002). HTTP: The Definitive Guide. O’Reilly Media, Inc.

Goyvaerts, J. (2006). Regular Expressions: The Complete Tutorial. Lulu Press.

Gupta, S., Grover, D. (2016). Application Layer DDOS Attack :A Big Threat. Streamed Info-Ocean, Volume 1, Issue 1.

Idhammad, M., Afdel, K., & Belouch, M. (2018). Detection system of HTTP DDoS attacks in a cloud environment based on information theoretic entropy and random forest. Security and Communication Networks.

Kaspersky. (6 Februari 2018). DDoS Attack in Q4 2017. Diakses dari https://securelist.com/ddos-attacks-in-q4-2017/83729/ tanggal 25 Juli 2018.

Kozik, R., Choraś, M., Renk, R., & Hołubowicz, W. (2014). Modelling HTTP requests with regular expressions for detection of cyber attacks targeted at web applications. International Joint Conference SOCO’14-CISIS’14-ICEUTE’14 (pp. 527-535).

Kumar, G. (2016). Denial of service attacks–an updated perspective. Systems Science & Control Engineering, 4(1), 285-294.

Likic, V. (2008). The Needleman-Wunsch algorithm for sequence alignment. Lecture given at the 7th Melbourne Bioinformatics Course, Bi021 Molecular Science and Biotechnology Institute, University of Melbourne, 1-46.

Ndatinya, V., Xiao, Z., Manepalli, V. R., Meng, K., & Xiao, Y. (2015). Network forensics analysis using Wireshark. International Journal of Security and Networks, 10(2), 91-106.

Prithi, S., Sumathi, S., & Amuthavalli, C. (2017). A Survey on Intrusion Detection System using Deep Packet Inspection for Regular Expression Matching. International Journal of Electronics, Electrical and Computational System (IJEECS), ISSN 2348-117X, Volume 6, Issue 1.

Sagala, A. & Pardosi, R. (2017). Improving SCADA Security using IDS and MikroTIK, Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 9(1-4), pp.133-137.

Santoso, B. I., Idrus, M. R. S., & Gunawan, I. P. (2016). Designing Network Intrusion and Detection System using signature-based method for protecting OpenStack private cloud. Engineering Seminar (InAES), International Annual (pp. 61-66).

Sathwara, S., & Parekh, C. (2017). Distributed Denial of Service Attacks: TCP Syn Flooding Attack Mitigation. International Journal of Advanced Research in Computer Science, Vol. 8 Issue 5, p.2392-2396.

Satrya, G.B., Nugroho, F. E., Brotoharsono, T. (2016). Improving Network Security – A Comparison between nDPI and L7-Filter. International Journal on ICT Vol. 2, Issue. 2, pp. 11-26.

Stewart, J. M., Chapple, M., & Gibson, D. (2012). CISSP: Certified Information Systems Security Professional Study Guide 6th Edition. John Wiley & Sons.

W3Counter. (12 Desember 2017). Browser and Platfrom Market Share. Diakses dari https://www.w3counter.com/globalstats.php?year=2017&month=12 tanggal 25 Juli 2018.

Yevsieieva, O., & Helalat, S. M. (2017). Analysis of the impact of the slow HTTP DOS and DDOS attacks on the cloud environment. Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T), 2017 4th International (pp. 519-523).

Zhu, W., Zeng, N., & Wang, N. (2010). Sensitivity, specificity, accuracy, associated confidence interval and ROC analysis with practical SAS implementations. NESUG proceedings: health care and life sciences, Baltimore, Maryland, 19, 67.