Initial threat modeling and security research on the public cloud model has primarily focused on the confidentiality and integrity of data transferred, processed, and stored in the cloud. Little attention has been paid to external threat sources that have the capability to affect the financial viability, and hence the long-term availability, of services hosted in the public cloud. A Fraudulent Resource Consumption (FRC) attack is similar to an application-layer DDoS attack, but it is much more subtle and is carried out over a longer period of time. The attacker's objective is to exploit the utility pricing model that governs resource usage in the cloud by fraudulently consuming web content, with the purpose of depriving the victim of the long-term economic availability of hosting publicly accessible web content in the cloud. In this paper, we thoroughly describe the FRC attack and discuss why current application-layer DDoS detection schemes are not applicable to this more subtle attack. We propose three detection metrics that together form the criteria for distinguishing an FRC attack from normal web activity. Experimental results based on three plausible attack scenarios show that an attacker without knowledge of the web log has a difficult time mimicking the self-similar and consistent request semantics of normal web activity.