ConnectionScore: a statistical technique to resist application-layer DDoS attacks

Beitollahi, Hakem

doi:10.1007/s12652-013-0196-5

Cited by 34 publications

(23 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e continuity of such requests at a higher rate will collapse a web server as it is unable to process a valid HTTP GET request. Beitollahi and Deconinck [24] and Sree and Bhanu [25] mentioned that an HTTP GET flood attack can stress bandwidth and outbound traffic, memory, CPU cycles, and input and output devices.…”

Section: Web Server Architecturementioning

confidence: 99%

Review of Recent Detection Methods for HTTP DDoS Attack

Jaafar

Abdullah

Ismail

2019

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

With increment in dependency on web technology, a commensurate increase has been noted in destructive attempts to disrupt the essential web technologies, hence leading to service failures. Web servers that run on Hypertext Transfer Protocol (HTTP) are exposed to denial-of-service (DoS) attacks. A sophisticated version of this attack known as distributed denial of service (DDOS) is among the most dangerous Internet attacks, with the ability to overwhelm a web server, thereby slowing it down and potentially taking it down completely. This paper reviewed 12 recent detection of DDoS attack at the application layer published between January 2014 and December 2018. A summary of each detection method is summarised in table view, along with in-depth critical analysis, for future studies to conduct research pertaining to detection of HTTP DDoS attack.

show abstract

Section: Web Server Architecturementioning

confidence: 99%

Review of Recent Detection Methods for HTTP DDoS Attack

Jaafar

Abdullah

Ismail

2019

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

show abstract

“…This way, the trace information collected from the accesses made by legitimate clients and bots from the first machine is likely to portray a real-world scenario. We took 150 bots, which were assigned a pool of unique IP address, to generate the bot traffic [39], [40]. This set of IP address is further used to differentiate between legitimate and bot requests in the access logs during processing.…”

Section: B Designmentioning

confidence: 99%

Fuzzy-based User Behavior Characterization to Detect HTTP-GET Flood Attacks

Singh¹,

Singh²,

Kumar³

2018

IJISA

View full text Add to dashboard Cite

Internet was designed to serve the basic requirement of data transfer between systems. The security perspectives were therefore overlooked due to which the Internet remains vulnerable to a variety of attacks. Among all the possible attacks, Distributed Denial of Service (DDoS) attack is one of the eminent threats that target the availability of the online services to the intended clients. Now-a-days, attackers target application layer of the network stack to orchestrate attacks having a high degree of sophistication. GET flood attacks have been very much prevalent in recent years primarily due to advancement of bots allowing impersonating legitimate client behavior. Differentiating between a human client and a bot is therefore necessary to mitigate an attack. This paper introduces a mitigation framework based on Fuzzy Control System that takes as input two novel detection parameters. These detection parameters make use of clients' behavioral characteristic to measure their respective legitimacy. We design an experimental setup that incorporates two widely used benchmark web logs (Clarknet and WorldCup) to build legitimate and attack datasets. Further, we use these datasets to assess the performance of the proposed through well-known evaluation metrics. The results obtained during this work point towards the efficiency of our proposed system to mitigate a wide range of GET flood attack types.

show abstract

“…For example, the work in [22] adopt Adaptive Selective Verification (ASV) to detect slow-requesting HTTP-DDoS. Similarly, the work in [23] proposed using statistical analysis to build connection scores based on several traffic attributes, including the browsing behavior (e.g., requested page type and popularity). However, similar methods rely on content inspection to detect HTTP-DDoS.…”

Section: Related Workmentioning

confidence: 99%

Trustworthy DDoS Defense: Design, Proof of Concept Implementation and Testing

Eid

Aida

2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks based on HTTP and HTTPS (i.e., HTTP(S)-DDoS) are increasingly popular among attackers. Overlay-based mitigation solutions attract small and mediumsized enterprises mainly for their low cost and high scalability. However, conventional overlay-based solutions assume content inspection to remotely mitigate HTTP(S)-DDoS attacks, prompting trust concerns. This paper reports on a new overlay-based method which practically adds a third level of client identification (to conventional per-IP and per-connection). This enhanced identification enables remote mitigation of more complex HTTP(S)-DDoS categories without content inspection. A novel behaviorbased reputation and penalty system is designed, then a simplified proof of concept prototype is implemented and deployed on DeterLab. Among several conducted experiments, two are presented in this paper representing a single-vector and a multi-vector complex HTTP(S)-DDoS attack scenarios (utilizing LOIC, Slowloris, and a custom-built attack tool for HTTPS-DDoS). Results show nearly 99.2% reduction in attack traffic and 100% chance of legitimate service. Yet, attack reduction decreases, and cost in service time (of a specified file) rises, temporarily during an approximately 2 minutes mitigation time. Collateral damage to non-attacking clients sharing an attack IP is measured in terms of a temporary extra service time. Only the added identification level was utilized for mitigation, while future work includes incorporating all three levels to mitigate switching and multi-request per connection attack categories.

show abstract

ConnectionScore: a statistical technique to resist application-layer DDoS attacks

Cited by 34 publications

References 23 publications

Review of Recent Detection Methods for HTTP DDoS Attack

Review of Recent Detection Methods for HTTP DDoS Attack

Fuzzy-based User Behavior Characterization to Detect HTTP-GET Flood Attacks

Trustworthy DDoS Defense: Design, Proof of Concept Implementation and Testing

Contact Info

Product

Resources

About