Departmental Bulletin Paper: A Study on Distinguishing Human Users from Attack Traffic by Analyzing DDoS Attack Log Data

橘, 弘智  ,  有川, 祐樹  ,  臼崎, 翔太郎  ,  久保田, 真一郎  ,  高塚, 佳代子  ,  山場, 久昭  ,  岡崎, 直宣

46, pp. 239-246, 2017-07-31, Faculty of Engineering, University of Miyazaki
Web services are indispensable in everyday life, and the damage caused by denial of service (DoS) and distributed denial of service (DDoS) attacks is becoming serious. An intrusion detection system (IDS) is very useful for detecting various attacks, including DDoS attacks. However, an IDS often makes false detections, and not a few legitimate accesses are reported as attacks. As a result, a legitimate user who is detected erroneously may be unable to receive service. In previous work, we proposed a system to mitigate the HTTP-GET Flood attack, which is one type of DoS/DDoS attack. This system not only protects servers from attacks by using an IDS but also guarantees their services by introducing a server that picks out the legitimate accesses among the accesses detected by the IDS. In this study, we propose a method for identifying legitimate accesses, which is the key part of the HTTP-GET Flood attack mitigation system. The method uses information obtained from the access log. In addition, because false detections in which an attack is picked out as a legitimate access make the IDS ineffective, the proposed method must keep the rate of such false detections low. We conducted an experiment using the access log of an actual server to verify the effectiveness of this system. The results showed that the proposed method picked out many of the legitimate users that were falsely flagged by the IDS and could practically avoid picking out malicious attacks by mistake.
