• Title/Summary/Keyword: HTTP/1.1


Load Distribution Policy of Web Server using Subsequent Load and HTTP Connection Time

  • 김시연;김성천
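    • Proceedings of the Korean Information Science Society Conference / 2002.04a / pp.610-612 / 2002
  • This paper proposes a load distribution policy that efficiently supports HTTP/1.1. When a user's first request arrives, the policy's algorithm selects a server by considering the embedded-object information of that request and the aging of the HTTP connections that are currently alive. It also presents a technique for minimizing the adverse effects that accumulate in system performance as a result of incorrect distribution decisions by the dispatcher.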


Diff-HTTP for QoS

  • Hyun, Eun-Sil;Rhee, Yoon-Jung;Kim, Tai-Yun
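    • Proceedings of the Korea Information Processing Society Conference / 2001.04a / pp.515-518 / 2001
  • HTTP/1.0 creates a separate TCP connection for each object from the same server, so it handles multiple requests inefficiently. HTTP/1.1, proposed to solve this problem, introduces the concept of a persistent connection so that multiple requests are handled over a single TCP connection [9]. As networks have developed and users have grown in number and diversity, service differentiation has emerged as an important issue [3,5]. The Diff (Differentiated)-HTTP presented in this paper divides users into two classes, a basic class and a higher class that takes priority into account, in order to provide differentiated service to clients that request service from a web server. Each class is differentiated by its holding time, and the paper proposes providing high-quality service by increasing the holding time for clients in the higher class so as to minimize delay.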


Development of I-HTTP for supporting Interactive Learning Object

  • 정영식
    • Journal of the Korea Computer Industry Society / v.4 no.10 / pp.713-722 / 2003
  • The purpose of this study was to define an interactive learning object of ILO through implementation of learning object content standardization technology for the reuse of interactive tools between learners, and to develop I(Interactive)-HTTP for the ILO to properly communicate with LMS. I-HTTP developed here was enabled to keep connection status during the entire session by improving the existing HTTP with its stateless connection property. This ceaseless connection made it possible to provide users with the real-time interactivity between learners that happened frequently in the ILO. Also, because the I-HTTP was an expanded version of HTTP, it was possible to conduct general HTML documentation as well as ILO. In particular, the standardized launch process between LMS and ILO was embodied in adding the INIT, GETVAL, SETVAL, COMMBT, FINISH methods in the protocol, and the results from the interactivity between ILO learners were channeled to the database storage to save them through separately defined data models.


Mechanism for Efficient Use of Server's Resource on the Web

  • Rhee, Yoon-Jung;Park, Nam-Sup;Kim, Tai-Yoon
    • Proceedings of the Korea Information Processing Society Conference / 2001.04a / pp.507-510 / 2001
  • HTTP/1.1 standard reduces latencies and overhead from closing and re-establishing connections by supporting persistent connections as a default, which encourages multiple transfers of objects over one connection. HTTP/1.1, however, does not define explicitly connection-closing time but specifies a certain fixed holding time model. This model may induce wasting server's resource when server maintains connection with the idle-state client that requests no data for a certain time. This paper proposes the mechanism of a heuristic connection management supported by the client-side under persistent HTTP, in addition to HTTP/1.1's fixed holding time model on server-side. The client exploits the tag information within transferred HTML page to decide the connection-closing time. As a result, the mechanism allows server to use server's resource more efficiently without server's efforts.


Confidentiality Service Scheme Extending the DAA on HTTP Environment

  • 조인준;정희경;송기평;이준섭;구경철
    • Proceedings of the Korean Institute of Information and Communication Sciences Conference / 1999.11a / pp.305-311 / 1999
  • IETF (Internet Engineering Task Force) RFC 2069 recommends accepting the DAA (Digest Access Authentication) scheme in HTTP 1.1 (Hypertext Transfer Protocol 1.1). When the client wants to access the protected URI resources with Web Server, the BAA scheme is not considered to be a secure method of user authentication, as the user name and password are passed over the network as clear text. But the DAA scheme is proposed to create an access authentication method which avoids the serious flaws of BAA (i.e., passed over the network as clear text). The flaw of DAA is that it does not support confidentiality services between client and server. This paper proposes a confidentiality service scheme for HTTP environment, as an extension to DAA.


A Video Quality Adaptation Algorithm to Improve QoE for HTTP Adaptive Streaming Service

  • Kim, Myoungwoo;Chung, Kwangsue
    • Journal of KIISE / v.44 no.1 / pp.95-106 / 2017
  • HTTP adaptive streaming has recently emerged to handle the rapidly growing traffic and to provide high quality multimedia contents. To improve the QoE (Quality of Experience) for HTTP adaptive streaming service, the average video bitrate should be maximized, and the video switching frequency (difference of bitrate between adjacent segments) and video stalling events need to be minimized. The recently proposed quality adaptation algorithms for HTTP adaptive streaming do not provide high QoE, since detailed QoE factors such as video switching frequency and bitrate difference of adjacent segments, are not considered. In this paper, we propose a SQA (Smooth Quality Adaptation) algorithm to improve the user QoE. The proposed algorithm provides the smoothed QoE, such that it minimizes the unnecessary video switching events by maintaining the quality in a certain period, thus minimizing the bitrate difference of adjacent segments. Through simulation, we confirm that the proposed algorithm reduces the unnecessary switching events, and prevents the sudden decrease in video quality.

Machine Learning-based Detection of HTTP DoS Attacks for Cloud Web Applications

  • Jae Han Cho;Jae Min Park;Tae Hyeop Kim;Seung Wook Lee;Jiyeon Kim
    • Smart Media Journal / v.12 no.2 / pp.66-75 / 2023
  • Recently, the number of cloud web applications is increasing owing to the accelerated migration of enterprises and public sector information systems to the cloud. Traditional network attacks on cloud web applications are characterized by Denial of Service (DoS) attacks, which consume network resources with a large number of packets. However, HTTP DoS attacks, which consume application resources, are also increasing recently; as such, developing security technologies to prevent them is necessary. In particular, since low-bandwidth HTTP DoS attacks do not consume network resources, they are difficult to identify using traditional security solutions that monitor network metrics. In this paper, we propose a new detection model for detecting HTTP DoS attacks on cloud web applications by collecting the application metrics of web servers and learning them using machine learning. We collected 18 types of application metrics from an Apache web server and used five machine learning and two deep learning models to train the collected data. Further, we confirmed the superiority of the application metrics-based machine learning model by collecting and training 6 additional network metrics and comparing their performance with the proposed models. Among HTTP DoS attacks, we injected the RUDY and HULK attacks, which are low- and high-bandwidth attacks, respectively. As a result of detecting these two attacks using the proposed model, we found out that the F1 scores of the application metrics-based machine learning model were about 0.3 and 0.1 higher than that of the network metrics-based model, respectively.

A Novel Application-Layer DDoS Attack Detection Algorithm based on Client Intention

  • Oh, Jin-Tae;Park, Dong-Gue;Jang, Jong-Soo;Ryou, Jea-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.1 / pp.39-52 / 2011
  • An application-layer attack can effectively achieve its objective with a small amount of traffic, and detection is difficult because the traffic type is very similar to that of legitimate users. We have discovered a unique characteristic that is produced by a difference in client intention: Both a legitimate user and DDoS attacker establish a session through a 3-way handshake over the TCP/IP layer. After a connection is established, they request at least one HTTP service by a Get request packet. The legitimate HTTP user waits for the server's response. However, an attacker tries to terminate the existing session right after the Get request. These different actions can be interpreted as a difference in client intention. In this paper, we propose a detection algorithm for application layer DDoS attacks based on this difference. The proposed algorithm was simulated using traffic dump files that were taken from normal user networks and Botnet-based attack tools. The test results showed that the algorithm can detect an HTTP-Get flooding attack with almost zero false alarms.

Diff-HTTP for QoS under web

  • 현은실;이윤정;이윤정
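    • Proceedings of the Korean Information Science Society Conference / 2001.04a / pp.361-363 / 2001
  • HTTP/1.0 creates a separate TCP connection for each object from the same server, so it handles multiple requests inefficiently. HTTP/1.0, proposed to solve this problem, introduces the concept of a persistent connection so that multiple requests are handled over a single TCP connection [9]. As networks have developed and users have grown in number and diversity, service differentiation has emerged as an important issue [3.5]. The Diff (Differentiated)-HTTP presented in this paper divides users into two classes, a basic class and a higher class that takes priority into account, in order to provide differentiated service to clients that request service from a web server. Each class is differentiated by its holding time, and the paper proposes providing high-quality service by increasing the holding time for clients in the higher class so as to minimize delay.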

HAS-Analyzer: Detecting HTTP-based C&C based on the Analysis of HTTP Activity Sets

  • Kim, Sung-Jin;Lee, Sungryoul;Bae, Byungchul
    • KSII Transactions on Internet and Information Systems (TIIS) / v.8 no.5 / pp.1801-1816 / 2014
  • Because HTTP-related ports are allowed through firewalls, they are an obvious point for launching cyber attacks. In particular, malware uses HTTP protocols to communicate with their master servers. We call this an HTTP-based command and control (C&C) server. Most previous studies concentrated on the behavioral pattern of C&Cs. However, these approaches need a well-defined white list to reduce the false positive rate because there are many benign applications, such as automatic update checks and web refreshes, that have a periodic access pattern. In this paper, we focus on finding new discriminative features of HTTP-based C&Cs by analyzing HTTP activity sets. First, a C&C shows a few connections at a time (low density). Second, the content of a request or a response is changed frequently among consecutive C&Cs (high content variability). Based on these two features, we propose a novel C&C analysis mechanism that detects the HTTP-based C&C. The HAS-Analyzer can classify the HTTP-based C&C with an accuracy of more than 96% and a false positive rate of 1.3% without using any white list.