著者
Mizuki Watanabe Ryotaro Kobayashi Masahiko Kato
出版者
Information Processing Society of Japan
雑誌
Journal of Information Processing (ISSN:18826652)
巻号頁・発行日
vol.23, no.5, pp.655-663, 2015 (Released:2015-09-15)
参考文献数
15
被引用文献数
1 1

Currently, Web services are widely utilized to disclose company information, and offer online services and e-commerce. As these services have become an essential part of our everyday lives, the public is greatly inconvenienced when they are disrupted. Denial of service (DoS) attacks exert adverse influences on Web services. We focus on HTTP-GET Flood attacks, which are manually operable DoS attacks. It is possible to simply block manually operable DoS attacks such as F5 attacks on the server side; however, such measures could be noticed by the attackers. Therefore, to prevent the attacker changing their method of attack, it is possible to overcome the attack by redirecting the attack to another system, for which a previous study has proposed a feasible technique located in the service provider. The previous study assumes a correlation between the CPU resource and the request error rate. However, the Web Server actually has multiple resources. Therefore, it is important to be able to control the server resources rather than the CPU and the memory. The operational implementation of the proposed method and the evaluation experiments confirm the effectiveness of the proposed method.
著者
Yuya Takeuchi Takuro Yoshida Ryotaro Kobayashi Masahiko Kato Hiroyuki Kishimoto
雑誌
情報処理学会論文誌 (ISSN:18827764)
巻号頁・発行日
vol.57, no.9, 2016-09-15

The Domain Name System (DNS), whose major function is to manage associations between domain names and IP addresses, plays a major role in managing the Internet. Thus, a DNS impairment would significantly impact society. A major cause of DNS impairment is Distributed Denial of Service (DDoS) attack on authoritative DNS servers. Our study focuses on the recently emerging DDoS attack known as the DNS Water Torture Attack. This attack causes open resolvers, which are improperly configured cache DNS servers that accept requests from both LAN and WAN, to send many queries to resolve domains managed by target servers. Domain names for resolving sent in this attack include varying random subdomains. Cache servers certainly will not have cached data for these queries, and so a huge volume of queries converges to the target authoritative servers via cache servers. In this paper, we propose a detection method for this attack using the Naive Bayes Classifier. Experimental results show that our method is capable of detecting this attack with a 95.59% detection rate. Moreover, the results of performance simulation show that our method is fast enough to process more than 2.3Gbps of traffic on the fly.------------------------------This is a preprint of an article intended for publication Journal ofInformation Processing(JIP). This preprint should not be cited. Thisarticle should be cited as: Journal of Information Processing Vol.24(2016) No.5 (online)DOI http://dx.doi.org/10.2197/ipsjjip.24.793------------------------------