Defending HTTP Web Servers against DDoS Attacks through Busy Period-based Attack Flow Detection

Title
Defending HTTP Web Servers against DDoS Attacks through Busy Period-based Attack Flow Detection
Author(s)
남승엽시로지띤
Keywords
SERVICE ATTACKS
Issue Date
201407
Publisher
KSII-KOR SOC INTERNET INFORMATION
Citation
KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, v.8, no.7, pp.2512 - 2531
Abstract
We propose a new Distributed Denial of Service (DDoS) defense mechanism that protects http web servers from application-level DDoS attacks based on the two methodologies: whitelist-based admission control and busy period-based attack flow detection. The attack flow detection mechanism detects attach flows based on the symptom or stress at the server, since it is getting more difficult to identify bad flows only based on the incoming traffic patterns. The stress is measured by the time interval during which a given client makes the server busy, referred to as a client-induced server busy period (CSBP). We also need to protect the servers from a sudden surge of attack flows even before the malicious flows are identified by the attack flow detection mechanism. Thus, we use whitelist-based admission control mechanism additionally to control the load on the servers. We evaluate the performance of the proposed scheme via simulation and experiment. The simulation results show that our defense system can mitigate DDoS attacks effectively even under a large number of attack flows, on the order of thousands, and the experiment results show that our defense system deployed on a linux machine is sufficiently lightweight to handle packets arriving at a rate close to the link rate.
URI
http://hdl.handle.net/YU.REPOSITORY/31487http://dx.doi.org/10.3837/tiis.2014.07.018
ISSN
1976-7277
Appears in Collections:
공과대학 > 모바일정보통신공학과 > Articles
Files in This Item:
There are no files associated with this item.
Export
RIS (EndNote)
XLS (Excel)
XML


qrcode

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

BROWSE