Mitigating distributed denial of service attacks at the application layer

“…Particularly, the authors analyzed Mirai, an attack that was conducted using large number of IoT devices, compromised with application layer dictionary attacks and lured into the botnets. In [5], [7], [8], [6], the authors proposed various Layer 7 attack detection techniques, such as additional client tests (CAPTCHA, passwords, puzzles, JavaScript authentication); web logs analysis and building a profile of a legitimate user; analysis of the visiting history of clients; traffic classification. LAMP is compatible with all of these approaches since it is designed for fast mitigation of attacks after they are detected by a member(s) of the network.…”

“…The number of attacks at the application layer is growing, according to the "Global DDoS Threat Landscape Report" [3]. Current detection techniques for application layer attacks include wide range of measures including (1) Pattern analysis of HTTP requests; (2) Browsing behavior analysis using web logs; (3) Geo-location analysis of web clients; (4) Machine learning pre-profiling legitimate traffic; (5) Application layer challenges, such as as CAPTCHA; (6) JavaScript engine authentication and many others ([4], [5], [6], [7], [8]). All of these techniques require application data analysis with high computational capabilities, which are usually available at the powerful end hosts.…”

LAMP: Prompt Layer 7 Attack Mitigation with Programmable Data Planes

“…Particularly, the authors analyzed Mirai, an attack that was conducted using large number of IoT devices, compromised with application layer dictionary attacks and lured into the botnets. In [5], [7], [8], [6], the authors proposed various Layer 7 attack detection techniques, such as additional client tests (CAPTCHA, passwords, puzzles, JavaScript authentication); web logs analysis and building a profile of a legitimate user; analysis of the visiting history of clients; traffic classification. LAMP is compatible with all of these approaches since it is designed for fast mitigation of attacks after they are detected by a member(s) of the network.…”

“…The number of attacks at the application layer is growing, according to the "Global DDoS Threat Landscape Report" [3]. Current detection techniques for application layer attacks include wide range of measures including (1) Pattern analysis of HTTP requests; (2) Browsing behavior analysis using web logs; (3) Geo-location analysis of web clients; (4) Machine learning pre-profiling legitimate traffic; (5) Application layer challenges, such as as CAPTCHA; (6) JavaScript engine authentication and many others ([4], [5], [6], [7], [8]). All of these techniques require application data analysis with high computational capabilities, which are usually available at the powerful end hosts.…”

LAMP: Prompt Layer 7 Attack Mitigation with Programmable Data Planes