Recent Analysis of Forged Request Headers Constituted by HTTP DDoS.
Sensors (IF 3.9), Pub Date: 2020-07-08, DOI: 10.3390/s20143820
Abdul Ghafar Jaafar, Saiful Adli Ismail, Mohd Shahidan Abdullah, Nazri Kama, Azri Azmi, Othman Mohd Yusop

Application layer Distributed Denial of Service (DDoS) attacks are very challenging to detect. A shortfall at the application layer enables HTTP DDoS because request headers are not compulsory in an HTTP request. Furthermore, the headers are editable, which gives an attacker an advantage in executing HTTP DDoS: the attack traffic carries request headers almost similar to, and able to emulate, those of a genuine client request. To the best of the authors' knowledge, no recent studies provide forged request header patterns obtained by executing current HTTP DDoS attack scripts. In addition, current datasets for HTTP DDoS are not publicly available, which makes it difficult for researchers to disclose false headers and causes them to rely on old datasets rather than more current attack patterns. Hence, this study conducted an analysis to disclose the forged request header patterns created by HTTP DDoS. The results disclose eight forged request header patterns constituted by HTTP DDoS. The analysis was executed using actual machines and eight real attack scripts that are capable of overwhelming a web server in a minimal duration. The request header patterns are explained and supported by a critical analysis to provide the outcome of this paper.

Updated: 2020-07-08