Analysis of realization and method of detecting low-intensity http-attacks. Part 2. Method of detecting slow http attacks

Abstract

Analysis of the implementation specifics Slow HTTP- attacks allowed to allocate a set of features, based on which is possible to detect this type of attack. The model of the web- server’s behavior when implementing Slow HTTP- attack was created. The model is based on Markov chains using the machine as a means of describing the web-server transitions between states. The formulary relations allowing to calculate the probability of transition of web-server into overload condition for known values of intensities Incoming and outgoing requests were derived. Definable relations allowing to calculate the transition to web-server overload condition using the method of generating functions were withdrawn.