WebSOS: an overlay-based system for protecting web servers from denial of service attacks

Stavrou, Angelos; Cook, Debra L.; Morein, William G.; Keromytis, Angelos D.; Misra, Vishal; Rubenstein, Dan

doi:10.1016/j.comnet.2005.01.005

Cited by 43 publications

(21 citation statements)

References 54 publications

(61 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The last class uses overlay networks [18], [35] to defend against DDoS attacks. Only predefined and authorized users are able to enter and use the overlay network.…”

Section: Related Workmentioning

confidence: 99%

WDA: A Web farm Distributed Denial Of Service attack attenuator

Doron

Wool

2011

Computer Networks

View full text Add to dashboard Cite

Distributed Denial Of Service (DDoS) attacks are familiar threats to Internet users for more than ten years. Such attacks are carried out by a "Bot net", an army of zombie hosts spread around the Internet, that overwhelm the bandwidth toward their victim Web server, by sending traffic upon command. This paper introduces WDA, a novel architecture to attenuate the DDoS attacker's bandwidth. WDA is especially designed to protect Web farms. WDA is asymmetric and only monitors and protects the uplink toward the Web farm, which is the typical bottleneck in DDoS attacks. Legitimate traffic toward Web farms is very distinctive since it is produced by humans using Web browsing software. Specifically, such upload traffic has low volume, and more importantly, has long off times that correspond to human view time. WDA utilizes these properties of legitimate client traffic to distinguish it from attack traffic, which tends to be continuous and heavy. A key feature of WDA is in its use of randomized thresholds that trap and penalize deterministic zombie traffic that tries to mimic human client patterns. WDA's heart is WDAQ, a novel active queue management mechanism aimed to prefer legitimate client traffic over attacker traffic. With WDA installed, the attacker traffic toward the victim is attenuated. Extensive simulation results show that WDA can defeat simple flooding attacks, and can attenuate the bandwidth usable by sophisticated WDA-aware attacks by orders of magnitude. As a consequence, the attacker must increase his "bot-net" size by the same factor, to compensate for the effects of WDA. Our simulations show that WDA can defend a typical Web farm from DDoS attacks launched by hundreds of thousands zombies, while keeping legitimate clients' service degradation under ten percent.

show abstract

“…The last class uses overlay networks [18], [35] to defend against DDoS attacks. Only predefined and authorized users are able to enter and use the overlay network.…”

Section: Related Workmentioning

confidence: 99%

WDA: A Web farm Distributed Denial Of Service attack attenuator

Doron

Wool

2011

Computer Networks

View full text Add to dashboard Cite

show abstract

“…Secure Overlay Services (SOS) [8], for example, uses a proxy approach based on the Chord network to protect applications against flooding DoS attacks. WebSOS [21] is an implementation of SOS for web servers that makes use of graphical Turing tests, web proxies and client authentication. Mayday [1] generalizes the SOS architecture and analyzes the implications of choosing different filtering techniques and overlay routing mechanisms.…”

Section: Related Workmentioning

confidence: 99%

A Denial-of-Service Resistant DHT

Awerbuch¹,

Scheideler²

2007

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We consider the problem of designing scalable and robust information systems based on multiple servers that can survive even massive denial-of-service (DoS) attacks. More precisely, we are focusing on designing a scalable distributed hash table (DHT) that is robust against so-called past insider attacks. In a past insider attack, an adversary knows everything about the system up to some time point t 0 not known to the system. After t0, the adversary can attack the system with a massive DoS attack in which it can block a constant fraction of the servers of its choice. Yet, the system should be able to survive such an attack in a sense that for any set of lookup requests, one per non-blocked (i.e., non-DoS attacked) server, every lookup request to a data item that was last updated after t0 can be served by the system, and processing all the requests just needs polylogarithmic time and work at every server. We show that such a system can be designed.

show abstract

“…We do not investigate how to ensure fees are paid, though many others have done so [7,8,41,42]). We do note that doing so is an easier task than requiring a trusted authority that can certify that each identity is an independent entity; the latter is difficult even with access to real-world documents [1].…”

Section: Goals and Modelmentioning

confidence: 99%

“…Micropayments [7,8,41,42] can be used to purchase certificates valid for a certain number of minutes or rounds in one or more applications. The seller of such certificates has a much easier task than a certification authority: she does not have to verify the identity of the purchasers, prevent customers from purchasing multiple certificates, or prevent certificates from being transfered.…”

Section: Entry Feesmentioning

confidence: 99%

“…For many applications, managing recurring payment of fees is a more reasonable solution. Several distributed, Internet-based micro-payment schemes can manage fees [7,8,41,42]. For applications whose users may be unwilling to make monetary payments, fees can also be imposed less robustly, though perhaps more readily, through the use of non-monetary mechanisms such as CAPTCHAs [43] and SMS messages.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Quantifying Resistance to the Sybil Attack

Margolin

Levine

Financial Cryptography and Data Security

View full text Add to dashboard Cite

Abstract. Sybil attacks have been shown to be unpreventable except under the protection of a vigilant central authority. We use an economic analysis to show quantitatively that some applications and protocols are more robust against the attack than others. In our approach, for each distributed application and an attacker objective, there is a critical value that determines the costeffectiveness of the attack. A Sybil attack is worthwhile only when the critical value is exceeded by the ratio of the value of the attacker's goal to the cost of identities. We show that for many applications, successful Sybil attacks may be expensive even when the Sybil attack cannot be prevented. Specifically, we propose the use of a recurring fee as a deterrent against the Sybil attack. As a detailed example, we look at four variations of the Sybil attack against a recurring fee based onion routing anonymous routing network and quantify its vulnerability.

show abstract

WebSOS: an overlay-based system for protecting web servers from denial of service attacks

Cited by 43 publications

References 54 publications

WDA: A Web farm Distributed Denial Of Service attack attenuator

WDA: A Web farm Distributed Denial Of Service attack attenuator

A Denial-of-Service Resistant DHT

Quantifying Resistance to the Sybil Attack

Contact Info

Product

Resources

About