Mitigation of Random Query String DoS via Gossip

  • Stefano Ferretti
  • Vittorio Ghini
Part of the Communications in Computer and Information Science book series (CCIS, volume 285)

Abstract

This paper presents a mitigation scheme for the random query string Denial of Service (DoS) attack, which is based on a vulnerability of current Content Delivery Networks (CDNs), a storage technology widely exploited to create reliable large-scale distributed systems and cloud computing system architectures. The attack exploits the fact that an edge server of a CDN, on receiving an HTTP request for a resource with an appended random query string it has never seen before, asks the origin server for a (new) copy of the resource. This request to the origin server is made even if the edge server already holds a copy of the resource in its storage. This behaviour can be used to mount an attack against the origin server through the edge servers: the attacker sends different random query string requests to different edge servers, which then overload the origin server with simultaneous (and unneeded) requests. Our strategy is based on the adoption of a simple gossip protocol, executed by edge servers, to detect the attack. Based on such detection, countermeasures can be taken to protect the origin server, the CDN and thus the whole distributed system architecture against the attack. We provide simulation results that show the viability of our approach.
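The detection idea in the abstract, as an added sketch that is not the authors' protocol or code: each edge counts never-seen query strings per resource, raises a local alert, and gossips alerts to peers until a quorum of distinct edges agrees. The thresholds, the fanout, the alert contents and all names below are assumptions, and the traffic is constructed.

```python
import random
from urllib.parse import urlsplit

LOCAL_THRESHOLD = 3  # assumed: unseen query strings per path before an edge alerts
QUORUM = 3           # assumed: distinct alerting edges needed to declare an attack

class Edge:
    def __init__(self, name):
        self.name = name
        self.seen = {}    # path -> query strings already fetched from the origin
        self.alerts = {}  # path -> names of edges known to have raised an alert

    def handle(self, url):
        """Process one request; return True if it causes an origin fetch."""
        parts = urlsplit(url)
        queries = self.seen.setdefault(parts.path, set())
        if parts.query in queries:
            return False  # this exact variant is already cached
        queries.add(parts.query)
        if len(queries - {""}) >= LOCAL_THRESHOLD:
            self.alerts.setdefault(parts.path, set()).add(self.name)
        return True

    def gossip(self, peers, fanout, rng):
        """Push every alert this edge knows about to `fanout` random peers."""
        for peer in rng.sample(peers, min(fanout, len(peers))):
            for path, names in self.alerts.items():
                peer.alerts.setdefault(path, set()).update(names)

    def under_attack(self, path):
        return len(self.alerts.get(path, ())) >= QUORUM

def simulate(n_edges=8, attacked=4, rounds=4, fanout=2, seed=1):
    """Constructed traffic: benign requests everywhere, random strings on some edges."""
    rng = random.Random(seed)
    edges = [Edge(f"edge{i}") for i in range(n_edges)]
    for edge in edges:
        edge.handle("/video.mp4")
        edge.handle("/index.html?lang=en")
    for edge in edges[:attacked]:
        for _ in range(5):
            edge.handle(f"/video.mp4?{rng.getrandbits(32):08x}")
    for _ in range(rounds):
        for edge in edges:
            edge.gossip([p for p in edges if p is not edge], fanout, rng)
    return edges

if __name__ == "__main__":
    for edge in simulate():
        print(edge.name, edge.under_attack("/video.mp4"))
```

The quorum keeps a single edge with an unusual but legitimate burst of query strings from triggering countermeasures on its own; only agreement across several edges marks the resource as under attack.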

Keywords

Content Delivery Network, Origin Server, Query String, Alert Message, Edge Server
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Stefano Ferretti (1)
  • Vittorio Ghini (1)
  1. Department of Computer Science, University of Bologna, Bologna, Italy
