A methodology for selecting hardware performance counters for supporting non-intrusive diagnostic of flood DDoS attacks on web servers. Issue 110 (November 2021)
- Record Type:
- Journal Article
- Title:
- A methodology for selecting hardware performance counters for supporting non-intrusive diagnostic of flood DDoS attacks on web servers. Issue 110 (November 2021)
- Main Title:
- A methodology for selecting hardware performance counters for supporting non-intrusive diagnostic of flood DDoS attacks on web servers
- Authors:
- Nascimento, Pablo Pessoa do
Pereira, Paulo
Mialaret, Jr Marco
Ferreira, Isac
Maciel, Paulo
- Abstract:
- Web server outages caused by Distributed Denial of Service (DDoS) attacks have increased considerably over the years. Intrusion Detection Systems (IDS) are not sufficient to detect threats in the system, even when used in conjunction with Intrusion Prevention Systems (IPS) and even considering the use of data sets containing information about typical situations and attacks on the system's service. Performing analyses with a very dense amount of observed variables can cost a significant amount of host resources. Furthermore, these data sets are at risk of not representing the system's behavior properly, and they cannot always be shared as they may contain confidential information in the diagnostic data. This paper presents a non-intrusive diagnostic methodology to select hardware performance counters in HTTP flood DDoS attacks on enterprise-level web servers, combining methods and techniques from different segments. The proposed approach uses low-level resource appliances such as Hardware Performance Counters (HPCs) for diagnosis, creating behavioral profiles in the face of attacks and usual service usage. The proposed strategy supports delivering reliable diagnoses with accurate characterization without third-party data sets. With the proposed methodology, we were able to reduce HPCs by 26%, compared to the initial group.
- Is Part Of:
- Computers & security. Issue 110(2021)
- Journal:
- Computers & security
- Issue:
- Issue 110(2021)
- Issue Display:
- Volume 110, Issue 110 (2021)
- Year:
- 2021
- Volume:
- 110
- Issue:
- 110
- Issue Sort Value:
- 2021-0110-0110-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-11
- Subjects:
- Methodology -- Diagnosis -- Distributed Denial of Service -- Hardware Performance Counters -- Infrastructure -- Web Server
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2021.102434
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 18910.xml