Abstract
Application layer DDoS attacks, to which network layer solutions are not applicable because attackers cannot be distinguished from legitimate users by packets or protocols, prevent legitimate users from accessing services. In this paper, we propose Trust Management Helmet (TMH), a lightweight mitigation mechanism that uses trust to differentiate legitimate users from attackers, as a partial solution to this problem. Its key insight is that, during an application layer DDoS attack, a server should give priority to protecting the connectivity of good users rather than to identifying all attack requests. The trust in each client is evaluated from its visiting history and used to schedule service to its requests. We introduce a license for user identification (even behind NATs) and for storing the trust information at the client. The license is cryptographically secured against forgery and replay attacks. We realize this mitigation mechanism as a Java package and use it for simulation. Through simulation, we show that TMH is effective in mitigating session flooding attacks: even with 20 times the number of attackers, more than 99% of the sessions from legitimate users are accepted with TMH, whereas fewer than 18% are accepted without it.
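The following is an added illustration of the abstract's idea, not the paper's Java package: a server issues each client an HMAC-signed license carrying its trust value, verifies licenses for forgery, expiry and replay, and admits requests highest-trust-first when capacity is exhausted. The HMAC layout, the sequence-number replay check, the trust update rule and the constructed client names are all assumptions of this example.

```python
import hmac
import hashlib
import time
from typing import Dict, List, Optional, Tuple

KEY = b"constructed-demo-key-not-from-the-paper"  # assumed server-side HMAC key

def _mac(payload: bytes) -> str:
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()

def issue_license(client_id: str, trust: float, seq: int, ttl: int = 3600, now=None) -> str:
    """Server side: bind client id, trust, sequence number and expiry under one HMAC tag."""
    exp = int(now if now is not None else time.time()) + ttl
    body = f"{client_id}|{trust:.3f}|{seq}|{exp}"
    return f"{body}|{_mac(body.encode())}"

class TrustHelmet:
    """Assumed trust-based admission scheduler (illustrative, not TMH's own code)."""
    def __init__(self, capacity: int):
        self.capacity = capacity
        self.last_seq: Dict[str, int] = {}  # highest sequence already served per client

    def verify(self, lic: str, now=None) -> Optional[Tuple[str, float, int]]:
        try:
            cid, trust, seq, exp, tag = lic.split("|")
        except ValueError:
            return None
        body = f"{cid}|{trust}|{seq}|{exp}"
        if not hmac.compare_digest(tag, _mac(body.encode())):
            return None  # forged or tampered license (e.g. trust field edited)
        t = int(now if now is not None else time.time())
        if t > int(exp) or int(seq) <= self.last_seq.get(cid, 0):
            return None  # expired, or a replay of a license already served
        return cid, float(trust), int(seq)

    def schedule(self, requests: List[str], now=None) -> List[str]:
        """Admit at most `capacity` requests in this round, highest trust first."""
        ranked = []
        for lic in requests:
            v = self.verify(lic, now)
            if v:
                ranked.append((v[1], v[0], v[2]))
        ranked.sort(reverse=True)
        admitted = ranked[:self.capacity]
        for _, cid, seq in admitted:
            self.last_seq[cid] = seq  # a served license cannot be presented again
        return [cid for _, cid, _ in admitted]

def renew(client_id: str, trust: float, seq: int, completed_ok: bool, now=None) -> str:
    """Assumed trust update from visiting history: good sessions raise trust slowly,
    abusive ones halve it; the renewed license gets the next sequence number."""
    trust = min(1.0, trust + 0.1) if completed_ok else max(0.0, trust * 0.5)
    return issue_license(client_id, trust, seq + 1, now=now)
```

Under overload, fresh attackers with no history sit at the bottom of the ranking, so clients with an established good history keep being served without the server having to classify every attack request.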
© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Yu, J., Fang, C., Lu, L., Li, Z. (2009). A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks. In: Mueller, P., Cao, JN., Wang, CL. (eds) Scalable Information Systems. INFOSCALE 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 18. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10485-5_13
DOI: https://doi.org/10.1007/978-3-642-10485-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10484-8
Online ISBN: 978-3-642-10485-5