A.Aafreen, Kannan Balasubramanian,M.Tech, Ph.D.
Indirect attack has been a serious threat to server security due to their covert nature. Web proxy Distributed Denial of Service Attack is an increasingly common internet phenomenon and is capable of making the internet services unavailable. Such type of attack cannot be easily discovered by most existing defense systems since malicious traffic is hidden in the aggregated traffic. Also the source of the attack traffic and normal traffic cannot be distinguished, because both of them share the same IP of the proxy server. To overcome this problem, a new improved Hidden semimarkov model is proposed. Therefore applying this proposed method protects the origin server from the web proxy based HTTP attacks. Web proxy‘s access behavior can be regarded as the combination of the externally observable behavior and the internal driving mechanism. The internal driving mechanism can be estimated by the observable features of proxy-to-server traffic through the Hidden semi-markov model. Hidden semi-markov model describes the dynamic behavior process of the aggregated traffic. The false positive rate is also detected with respect to the incoming traffic.