Defense Method of HTTP GET Flood Attack by Adaptively Controlling Server Resources Depending on Different Attack Intensity

Abstract

The Internet currently provides a multitude of services, which have become essential for everyday life such as disclosure of company information, online services, and e-commerce. Therefore, interruptions to these services greatly inconvenience the public. A denial of service (DoS) attack affects regular users' access to a network resource. DoS tools usually include a function for monitoring the status of the targeted server that allows the attacker to confirm the effectiveness of the current attack and the defense activities of the server, and thus plan further attacks. By observing the effectiveness of the current attack, the attacker can adjust the attack intensity to match the server's status. Depending on the defense response, the perpetrator can judge whether their attack is being mitigated using certain techniques. If the attacker observes a defensive response to the attack, the attacker can respond by changing the attack method, abandoning the attack, or targeting a more vulnerable server. We propose a method that allows the server to maintain its service to users relatively unaffected by the attacks, responds optimally to each attacker, and impedes the attacker's ability to detect defensive responses. In this paper, we implement our proposed method and evaluate the effectiveness of the system.