A Review of Detection Challenge for Signature and Anomaly-Based Detection in Detecting HTTP DDoS Attacks
DOI:
https://doi.org/10.11113/oiji2025.13n2.345
Keywords:
DDoS, DoS, Signature Detection, Anomaly Detection
Abstract
Distributed Denial of Service (DDoS) attacks have become one of the most serious concerns in the cybersecurity domain due to their ability to mimic legitimate traffic. An attack is particularly challenging to detect when it occurs at the application layer, because it exploits genuine request patterns, forged headers, automated attack tools, and public proxies to blend in with legitimate traffic. This paper reviews signature-based and anomaly-based detection techniques utilized by prior studies to detect HTTP DDoS attacks. The review reveals that signature-based detection methods are effective for known attack patterns, while anomaly-based detection excels at detecting previously unseen behaviors. However, signature-based detection, unlike anomaly-based detection, struggles to recognize new attack patterns. Both detection approaches also face significant challenges in differentiating between authentic users and automated attack tools when public proxies are used. This review concludes that signature-based and anomaly-based detection techniques remain inadequate for detecting the attack. It also suggests that future research should focus on hybrid detection to detect request headers in real time and the multi-version HTTP protocol to improve detection accuracy.














