HTTPreject: Handling Overload Situations without Losing the Contact to the User

Schneider, Joerg; Koch, Sebastian

doi:10.1109/ec2nd.2010.7

Cited by 4 publications

(12 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…HTTPredirect is a modified version of the HTTPreject module proposed in a previous study and serves as the front end to the Web server to be protected. It is similar to the HTTPreject system in that of being stateless and in the way it functions, except for the following: Instead of responding with 200 OK message, it responds with 307 Temporary Redirect, which automatically redirects clients to one of the CAPTCHA nodes selected at random (or based on some other selection policy). It passes through connection requests relayed by the CAPTCHA nodes to the Web server.…”

Section: System Architecturementioning

confidence: 99%

“…Flash crowd events are usually predictable because they are associated with certain events (eg, new movie release, election results, and student registration). However, in other cases, flash crowd events may happen suddenly as a result of a major accident or a world event, such as the volcano ash that affected Europe's air traffic, whereby flight delays and cancelations ignited travelers to keep checking their flight status over and over . While a website can provision enough resources in advance to handle the expected overload situation, this provisioning can be very costly or technically difficult to set up within a short time.…”

Section: Introductionmentioning

confidence: 99%

“…However, in other cases, flash crowd events may happen suddenly as a result of a major accident or a world event, such as the volcano ash that affected Europe's air traffic, whereby flight delays and cancelations ignited travelers to keep checking their flight status over and over. 8 While a website can provision enough resources in advance to handle the expected overload situation, this provisioning can be very costly or technically difficult to set up within a short time. Therefore, providing a service that is able to handle sever overload resulting from a flash crowd event can be an effective solution in these cases.…”

Section: Introductionmentioning

confidence: 99%

“…As for addressing flash crowds, there have been few proposed techniques to distinguish flash crowd events from DDoS attacks, eg, the works of Chen and Hwang, 13 Wang et al, 14 and Li et al, 15 or to handle flash crowd events, eg, the HTTPreject system. 8 This paper proposes ReCAP as an integrated solution that combines a modified version of HTTPreject and a distributed CAPTCHA service in such a way as to mitigate application-layer botnet-based DDoS attacks while dealing with flash crowd events in a way similar to that proposed in the work of Schneider and Koch. 8 The main thesis of the proposed system is to require clients of a website during an overload situation to solve a CAPTCHA puzzle provided by one of several CAPTCHA nodes.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

ReCAP: A distributed CAPTCHA service at the edge of the network to handle server overload

Al-Hammouri

Al-Ali

Al-Duwairi

2017

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Web server overload resulting from an application layer–based distributed denial‐of‐service (DDoS) attack or a flash crowd event continues to be a major problem in today's internet because it renders the Web server unavailable in both cases. In this paper, we propose a novel system, called ReCAP, that handles server overload resulting from application layer–based DDoS attacks or flash crowd events. The system is envisioned as a service that can be provided to websites that have limited resources with no infrastructure in place to handle these events. The main goal of ReCAP is to filter attack traffic in case of a DDoS attack event and to provide users with basic information during a flash crowd event. The proposed system is composed of 2 main modules: (1) the HTTPredirect module, which is a stateless Hypertext Transfer Protocol server that redirects Web requests destined to the targeted Web server to the second module, and (2) the distributed Completely Automated Public Turing Test To Tell Computers and Humans Apart (CAPTCHA) service, which comprises a large number of powerful nodes geographically and suitably distributed in the internet acting as a large distributed firewall. All requests to the origin Web server are redirected to the CAPTCHA nodes, which can segregate legitimate clients from automated attacks by requiring them to solve a challenge. Upon successful response, legitimate clients (humans) are forwarded through a given CAPTCHA node to the Web server. These CAPTCHA proxies are envisioned to be placed intrinsically at the edge of the network in the proximity of the clients to curb communication delays, and thus perceived response times, and to relieve the core network from further traffic congestion. In particular, such organization fits squarely in the fifth use case scenario presented in the European Telecommunications Standards Institute Mobile Edge Computing Industry Specification Group's introductory technical paper on Mobile‐Edge Computing. In conclusion, the performance evaluation shows that the proposed system is able to mitigate application‐layer DDoS attacks while incurring acceptable delays for legitimate clients as a result of redirecting them to and via CAPTCHA nodes.

show abstract

Section: System Architecturementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

ReCAP: A distributed CAPTCHA service at the edge of the network to handle server overload

Al-Hammouri

Al-Ali

Al-Duwairi

2017

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…The five categories are high rate DDoS (HR-DDoS) attacks, low rate DDoS (LR-DDoS) attacks, flash crowd (FC) attacks, outer blocking (OB), and traceback and client validation (TB and CV). Various researchers [1, 19–23] highlighted that the protective scheme or framework should protect web applications from high rate DDoS (HR-DDoS) attacks, whilst other researchers suggested it should provide a protection for web applications from Low Rate DDoS (LR-DDoS) attacks [24, 26]. Other researchers [26, 27] claimed that it should provide protection against flash crowd (FC) attacks.…”

Section: Literature Reviewmentioning

confidence: 99%

A Novel Protective Framework for Defeating HTTP‐Based Denial of Service and Distributed Denial of Service Attacks

Manaf

2015

The Scientific World Journal

View full text Add to dashboard Cite

The growth of web technology has brought convenience to our life, since it has become the most important communication channel. However, now this merit is threatened by complicated network-based attacks, such as denial of service (DoS) and distributed denial of service (DDoS) attacks. Despite many researchers' efforts, no optimal solution that addresses all sorts of HTTP DoS/DDoS attacks is on offer. Therefore, this research aims to fix this gap by designing an alternative solution called a flexible, collaborative, multilayer, DDoS prevention framework (FCMDPF). The innovative design of the FCMDPF framework handles all aspects of HTTP-based DoS/DDoS attacks through the following three subsequent framework's schemes (layers). Firstly, an outer blocking (OB) scheme blocks attacking IP source if it is listed on the black list table. Secondly, the service traceback oriented architecture (STBOA) scheme is to validate whether the incoming request is launched by a human or by an automated tool. Then, it traces back the true attacking IP source. Thirdly, the flexible advanced entropy based (FAEB) scheme is to eliminate high rate DDoS (HR-DDoS) and flash crowd (FC) attacks. Compared to the previous researches, our framework's design provides an efficient protection for web applications against all sorts of DoS/DDoS attacks.

show abstract