Countering distributed denial of service (DDoS) attacks is becoming ever more challenging with the vast resources and techniques increasingly available to attackers. In this paper, we consider sophisticated attacks that are protocol-compliant, non-intrusive, and utilize legitimate application-layer requests to overwhelm system resources. We characterize application-layer resource attacks as either request flooding, asymmetric, or repeated one-shot, on the basis of the application workload parameters that they exploit. To protect servers from these attacks, we propose a counter-mechanism, namely DDoS Shield, that consists of a suspicion assignment mechanism and a DDoS-resilient scheduler. In contrast to prior work, our suspicion mechanism assigns a continuous value, as opposed to a binary measure, to each client session, and the scheduler utilizes these values to determine if and when to schedule a session's requests. Using testbed experiments on a web application, we demonstrate the potency of these resource attacks and evaluate the efficacy of our counter-mechanism. For instance, we mount an asymmetric attack which overwhelms the server resources, increasing the response time of legitimate clients from 0.3 seconds to 40 seconds. Under the same attack scenario, DDoS Shield improves the victims' performance to 1.5 seconds.