Mitigation of Random Query String DoS via Gossip
This paper presents a mitigation scheme for the random query string Denial of Service (DoS) attack, which exploits a vulnerability of current Content Delivery Networks (CDNs), a storage technology widely used to build reliable large-scale distributed systems and cloud computing architectures. The attack relies on the fact that an edge server in a CDN, on receiving an HTTP request for a resource with an appended random query string it has never seen before, asks the origin server for a (new) copy of the resource. It makes this request to the origin server even if it already holds a copy of the resource in its storage. An attacker can use this behavior to mount an attack against the origin server through the edge servers: by sending different random query string requests to different edge servers, the attacker makes them overload the origin server with simultaneous (and unneeded) requests. Our strategy is based on the adoption of a simple gossip protocol, executed by edge servers, to detect the attack. Based on this detection, countermeasures can be taken to protect the origin server, the CDN and thus the whole distributed system architecture against the attack. We provide simulation results that show the viability of our approach.
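The detection idea in the abstract, as an added illustration that is not the paper's protocol or its simulator: each edge counts origin fetches forced by an unseen query string on a resource it already stores, and edges exchange those counters by gossip so the combined count can cross a threshold that no single edge reaches. The push-pull exchange, the counter merge rule, the threshold, the fanout and the `/logo.png` traffic are all assumptions made for this sketch.

```python
import random
from urllib.parse import urlsplit

class Edge:
    def __init__(self, name, cached_paths):
        self.name = name
        self.cached = set(cached_paths)   # resources already stored at this edge
        self.seen = set()                 # (path, query) pairs already fetched
        self.view = {}                    # (edge name, path) -> suspicious fetch count

    def handle(self, url):
        """Return True when this request is forwarded to the origin."""
        u = urlsplit(url)
        if (u.path, u.query) in self.seen:
            return False                  # known URL: served from the edge
        self.seen.add((u.path, u.query))
        if u.query and u.path in self.cached:  # stored, yet the new query forces a fetch
            key = (self.name, u.path)
            self.view[key] = self.view.get(key, 0) + 1
        return True

    def merge(self, other_view):
        for key, n in other_view.items():  # counters only grow, so max() merges safely
            self.view[key] = max(self.view.get(key, 0), n)

    def suspected(self, threshold):
        totals = {}
        for (_, path), n in self.view.items():
            totals[path] = totals.get(path, 0) + n
        return {p for p, n in totals.items() if n >= threshold}

def gossip_round(edges, fanout, rng):
    for e in edges:
        for peer in rng.sample([p for p in edges if p is not e], fanout):
            peer.merge(e.view)            # push our alert view ...
            e.merge(peer.view)            # ... and pull the peer's

def simulate(n_edges=8, per_edge=5, threshold=15, fanout=2, rounds=3, seed=1):
    rng = random.Random(seed)
    edges = [Edge(f"edge{i}", ["/logo.png"]) for i in range(n_edges)]
    origin_fetches = 0
    for e in edges:                       # constructed traffic: a new query string each time
        for i in range(per_edge):
            origin_fetches += e.handle(f"/logo.png?r={e.name}-{i}")
    local_alarm = any(e.suspected(threshold) for e in edges)
    for _ in range(rounds):
        gossip_round(edges, fanout, rng)
    detecting = sum("/logo.png" in e.suspected(threshold) for e in edges)
    return origin_fetches, local_alarm, detecting
```

`simulate()` returns the number of origin fetches, whether any edge could raise the alarm from its local counter alone, and how many edges flag the resource after gossip.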
Keywords: Content Delivery Network, Origin Server, Query String, Alert Message, Edge Server