Static HTML was provided as a tool to display pictures and inert information. Consequently, as the internet and web access became more and more ubiquitous so too did the needs of those users who were accessing web applications. A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. A novel server-side defense scheme is proposed to resist the Web proxy-based distributed denial of service attack. The approach utilizes the temporal and spatial locality to extract the behavior features of the proxy-to-server traffic, to protect weak signals from the interference of infrequent large values. Then, a new hidden semi-Markov model is proposed to describe the time-varying traffic behavior of Web proxies. The new method reduces the number of parameters to be estimated, and can characterize the dynamic evolution of the proxy-to-server traffic rather than the static statistics. It converts a suspicious traffic into a relatively normal one by behavior reshaping rather than rudely discarding.

1. Yi Xie, S. Tang,Y. Xiang,and J. Hu,"Resisting Web Proxy-Based HTTP Attacks by Temporal and Spatial Locality Behavior",IEEE Transcations on parallel and Distirbuted systems, VOL. 24, NO. 7, JULY 2013
2. T. Peng, C. Leckie, and K. Ramamohanarao, "Survey of Network- Based Defense mechanisms Countering the Dos and DDos Problems," ACM Computing Surveys,vol. 39, no. 1, hgp. 3, 2007.
3. S. Lee, G. Kim, and S. Kim, "Sequence-Order-Independent Network Profiling for Detecting Application Layer DDos Attacks," EURASIP J. Wireless Comm. and Networking, vol. 2011, no. 1,p. 50, 2011.
4. S. Yu, W. Zhou, W. Jia, S. Guo, Y. Xiang, and F. Tang, "Discriminating DDos Attacks from Flash Crowds Using Flow Correlation Coefficient," IEEE Trans. Parallel and Distributed Systems, vol. 23, no. 6, pp. 1073-1080, June 2012.
5. S. -Z. Yu and H. Kobayashi, "An Efficient Forward-Backward Algorithm for an Explicit-Duration Hidden Markov Model," IEEE Signal Processing Letters, vol. 10, no. 1, pp. 11-14, Jan. 2003.
6. http://sist. sysu. edu. cn/~syu/Publications/HSMMs_AIJ. pdf.
7. A. Mahanti, D. Eager, and C. Williamson, "Temporal Locality and Its Impact on Web Proxy Cache Performance," Performance Evaluation, vol. 42, nos. 2/3, pp. 187-203, 2000.
8. Y. Xie and S. Yu, "Measuring the Normality of Web Proxies Behavior Based on Locality Principles," Network and Parallel Computing, vol. 5245, pp. 61-73, 2008.
9. http://www. ijert. org/view-pdf/9043/packets-flow-based-intrusion-detection-technique-for-websites.
10. http://www. ipnetworksinc. com/pdfs/citrix/Citrix%20Appl. %20FW%20 White%20Paper. pdf.
11. S. Choi and R. Wette, "Maximum Likelihood Estimation of the Parameters of the Gamma Distribution and Their Bias," Technometrics,vol. 11, no. 4, pp. 683-690, 1969.
12. J. Devore ,Probability and Statistics for Engineering and the Sciences. Cengage Learning, 2008.
13. Y. Zhong, X. Shen, and C. Ding, "Program Locality Analysis Using Reuse Distance," ACM Trans. Programming Languages and Systems, vol. 31, no. 6, p. 20, 2009.
14. https://www. sans. org/reading-room/whitepapers/ application/web-based- attacks-2053
15. http://www. computer. org/csdl/trans/td/2013/07/ttd201307140 1-abs. html
16. http://www. researchgate. net/publication/260358229_Resisting_Web_ProxyBased_HTTP_Attacks_by_Temporal_and_Spatial_Locality_Behavior

Traffic Analysis Traffic Modeling Distributed Denial Of Service Attack Attack Detection Attack Response