A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks

  • Conference paper

Abstract

Application layer DDoS attacks prevent legitimate users from accessing services, and network layer defenses do not apply to them because the attackers' packets and protocols are indistinguishable from those of legitimate clients. In this paper, we propose Trust Management Helmet (TMH), a lightweight mitigation mechanism that uses trust to differentiate legitimate users from attackers, as a partial solution to this problem. Its key insight is that during an application layer DDoS attack a server should give priority to protecting the connectivity of good users rather than trying to identify every attack request. The trust placed in a client is evaluated from its visiting history and used to schedule service to its requests. We introduce a license that identifies users (even behind NATs) and stores their trust information on the client side; the license is cryptographically secured against forgery and replay. We implement this mitigation mechanism as a Java package and use it for simulation. Through simulation, we show that TMH is effective in mitigating session flooding attacks: even with 20 times as many attackers, more than 99% of the sessions from legitimate users are accepted with TMH, whereas fewer than 18% are accepted without it.
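The abstract describes the mechanism only in outline: a client-held license that carries a trust value, protection of that license against forgery and replay, trust that grows with visiting history, and a scheduler that serves high-trust requests first. The following Python sketch is an added example of that design; it is not the paper's Java package. Everything below the abstract's level of detail is an assumption: the license is client_id || trust || counter authenticated with HMAC-SHA256 under a server-only key, the server keeps the highest counter it has accepted per client to reject replays, trust increases by one for each served session, each scheduling round admits the `capacity` highest-trust requests, and the simulation sizes (50 legitimate users, 20 times as many attackers, capacity 100) are constructed here for illustration.

```python
# Added example, not the paper's Java package. Assumptions not stated on the
# page: the license is client_id || trust || counter under HMAC-SHA256 with a
# server-only key; the server keeps the highest counter it has accepted per
# client to reject replays; trust grows by one per served session; each
# scheduling round admits the `capacity` highest-trust requests.
import hashlib
import hmac
import random
import secrets
import struct

KEY = secrets.token_bytes(32)      # server-side MAC key (assumed; never sent to clients)
LICENSE_FMT = ">16sIQ"             # client_id (16 B), trust (uint32), counter (uint64)
TAG_LEN = 32                       # HMAC-SHA256 tag length


def mint_license(key, client_id, trust, counter):
    """Serialize the license fields and append an HMAC tag so clients cannot forge them."""
    body = struct.pack(LICENSE_FMT, client_id, trust, counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class TrustServer:
    def __init__(self, key, capacity):
        self.key = key
        self.capacity = capacity          # sessions the server can serve per round
        self.last_counter = {}            # client_id -> highest counter accepted (replay guard)

    def verify(self, lic):
        """Return (client_id, trust, counter), or None if the license is forged or replayed."""
        if lic is None or len(lic) != struct.calcsize(LICENSE_FMT) + TAG_LEN:
            return None
        body, tag = lic[:-TAG_LEN], lic[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                   # tampered fields or wrong key
        client_id, trust, counter = struct.unpack(LICENSE_FMT, body)
        if counter <= self.last_counter.get(client_id, -1):
            return None                   # an older license presented again
        return client_id, trust, counter

    def schedule(self, requests):
        """Admit the highest-trust requests. `requests` is a list of licenses (None for a
        first-time client); returns [(admitted, renewed_license)] in the same order."""
        parsed = []
        for lic in requests:
            v = self.verify(lic)
            if v is None:                 # unknown, forged or replayed: start as a new client
                v = (secrets.token_bytes(16), 0, 0)
            parsed.append(v)
        # Highest trust first; random tie-break so equal-trust clients share the capacity fairly.
        order = sorted(range(len(parsed)), key=lambda i: (-parsed[i][1], random.random()))
        admitted = set(order[:self.capacity])
        out = []
        for i, (client_id, trust, counter) in enumerate(parsed):
            ok = i in admitted
            new_trust = min(trust + 1, 2**32 - 1) if ok else trust   # history only grows on service
            self.last_counter[client_id] = counter
            out.append((ok, mint_license(self.key, client_id, new_trust, counter + 1)))
        return out


def simulate(n_legit=50, attack_ratio=20, capacity=100, warmup_rounds=5, attack_rounds=5):
    """Session flooding: return (legit acceptance rate with TMH, rate for a trust-blind server)."""
    server = TrustServer(KEY, capacity)
    licenses = [None] * n_legit           # legitimate clients start with no license
    for _ in range(warmup_rounds):        # normal operation builds visiting history
        licenses = [lic for _, lic in server.schedule(licenses)]
    n_attack = n_legit * attack_ratio
    accepted = 0
    for _ in range(attack_rounds):
        flood = [None] * n_attack         # attackers have no history, so they arrive as new clients
        out = server.schedule(licenses + flood)
        accepted += sum(ok for ok, _ in out[:n_legit])
        licenses = [lic for _, lic in out[:n_legit]]
    with_tmh = accepted / (n_legit * attack_rounds)
    without_tmh = capacity / (n_legit + n_attack)   # uniform odds when trust is ignored
    return with_tmh, without_tmh


if __name__ == "__main__":
    print("legit sessions accepted: with TMH %.3f, without %.3f" % simulate())
```

Two properties of this sketch are worth checking before reusing the pattern. The server's only per-client state is the last accepted counter; the trust value itself travels in the license, which is what lets the scheme survive NAT and keep the server lightweight, but it also means a license stolen from a legitimate client is as good as the client until that client presents a newer one. And the scheme prioritizes history rather than detecting attackers: a botnet that behaves well long enough to accumulate trust before flooding is not handled by the scheduling rule alone, so trust should also be reduced on misbehavior rather than only increased on service.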



Copyright information

© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Yu, J., Fang, C., Lu, L., Li, Z. (2009). A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks. In: Mueller, P., Cao, JN., Wang, CL. (eds) Scalable Information Systems. INFOSCALE 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 18. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10485-5_13


  • DOI: https://doi.org/10.1007/978-3-642-10485-5_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10484-8

  • Online ISBN: 978-3-642-10485-5

