Using graphic turing tests to counter automated DDoS attacks against web servers

Authors:
William G. Morein;Angelos Stavrou;Debra L. Cook;Angelos D. Keromytis;Vishal Misra;Dan Rubenstein
Affiliations:
Columbia University in the City of New York;Columbia University in the City of New York;Columbia University in the City of New York;Columbia University in the City of New York;Columbia University in the City of New York;Columbia University in the City of New York
Venue:
Proceedings of the 10th ACM conference on Computer and communications security
Year:
2003

Citing 23
Cited 32

Consistent hashing and random trees: distributed caching protocols for relieving hot spots on the World Wide Web

STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Implementing a distributed firewall

Proceedings of the 7th ACM conference on Computer and communications security
Protecting web servers from distributed denial of service attacks

Proceedings of the 10th international conference on World Wide Web
Hash-based IP traceback

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Chord: A scalable peer-to-peer lookup service for internet applications

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
A scalable content-addressable network

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Network support for IP traceback

IEEE/ACM Transactions on Networking (TON)
Efficient packet marking for large-scale IP traceback

Proceedings of the 9th ACM conference on Computer and communications security
SOS: secure overlay services

Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Attacking DDoS at the Source

ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
A Study of the Relative Costs of Network Security Protocols

Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference
Analysis of a Denial of Service Attack on TCP

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
A holistic approach to service survivability

Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
Analyzing Distributed Denial of Service Tools: The Shaft Case

LISA '00 Proceedings of the 14th USENIX conference on System administration
Centertrack: an IP overlay network for tracking DoS floods

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Denial of service via algorithmic complexity attacks

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Mayday: distributed filtering for internet services

USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
On the performance of TCP splicing for URL-aware redirection

USITS'99 Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems - Volume 2
CAPTCHA: using hard AI problems for security

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Recognizing objects in adversarial clutter: breaking a visual captcha

CVPR'03 Proceedings of the 2003 IEEE computer society conference on Computer vision and pattern recognition

Mitigating bandwidth-exhaustion attacks using congestion puzzles

Proceedings of the 11th ACM conference on Computer and communications security
A Mutual Anonymous Peer-to-Peer Protocol Design

IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Papers - Volume 01
WebSOS: an overlay-based system for protecting web servers from denial of service attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
IMAGINATION: a robust image-based CAPTCHA generation system

Proceedings of the 13th annual ACM international conference on Multimedia
Countering DoS attacks with stateless multipath overlays

Proceedings of the 12th ACM conference on Computer and communications security
A novel approach to detecting DDoS Attacks at an Early Stage

The Journal of Supercomputing
DDoS defense by offense

Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Survey of network-based defense mechanisms countering the DoS and DDoS problems

ACM Computing Surveys (CSUR)
A self-aware approach to denial of service defence

Computer Networks: The International Journal of Computer and Telecommunications Networking
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds

NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
AID: A global anti-DoS service

Computer Networks: The International Journal of Computer and Telecommunications Networking
Keeping Denial-of-Service Attackers in the Dark

IEEE Transactions on Dependable and Secure Computing
Pollution attacks and defenses for Internet caching systems

Computer Networks: The International Journal of Computer and Telecommunications Networking
Simulation for intrusion-resilient, DDoS-resistant authentication system (IDAS)

Proceedings of the 2008 Spring simulation multiconference
A DoS-resilient information system for dynamic data management

Proceedings of the twenty-first annual symposium on Parallelism in algorithms and architectures
A2M: Access-Assured Mobile Desktop Computing

ISC '09 Proceedings of the 12th International Conference on Information Security
WebSOS: an overlay-based system for protecting web servers from denial of service attacks

Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Exploiting the human-machine gap in image recognition for designing CAPTCHAs

IEEE Transactions on Information Forensics and Security
DDoS defense by offense

ACM Transactions on Computer Systems (TOCS)
OverCourt: DDoS mitigation through credit-based traffic segregation and path migration

Computer Communications
Multi-agent-based Pay-Per-Use (PpU) distributed manufacturing

International Journal of Computer Applications in Technology
Users and services in intelligent networks

AINTEC'05 Proceedings of the First Asian Internet Engineering conference on Technologies for Advanced Heterogeneous Networks
Pervasive random beacon in the internet for covert coordination

IH'05 Proceedings of the 7th international conference on Information Hiding
gore: routing-assisted defense against DDoS attacks

ISC'05 Proceedings of the 8th international conference on Information Security
Distributed defence against denial of service attacks: a practical view

VoCS'08 Proceedings of the 2008 international conference on Visions of Computer Science: BCS International Academic Conference
How well can congestion pricing neutralize denial of service attacks?

Proceedings of the 12th ACM SIGMETRICS/PERFORMANCE joint international conference on Measurement and Modeling of Computer Systems
A novel architecture for the generation of picture based CAPTCHA

ADCONS'11 Proceedings of the 2011 international conference on Advanced Computing, Networking and Security
Review: Analyzing well-known countermeasures against distributed denial of service attacks

Computer Communications
An incrementally deployable path address scheme

Journal of Parallel and Distributed Computing
A denial-of-service resistant DHT

DISC'07 Proceedings of the 21st international conference on Distributed Computing
IRIS: a robust information system against insider dos-attacks

Proceedings of the twenty-fifth annual ACM symposium on Parallelism in algorithms and architectures
Mitigating DoS Attacks Using Performance Model-Driven Adaptive Algorithms

ACM Transactions on Autonomous and Adaptive Systems (TAAS)

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present WebSOS, a novel overlay-based architecture that provides guaranteed access to a web server that is targeted by a denial of service (DoS) attack. Our approach exploits two key characteristics of the web environment: its design around a human-centric interface, and the extensibility inherent in many browsers through downloadable "applets." We guarantee access to a web server for a large number of previously unknown users, without requiring pre-existing trust relationships between users and the system.Our prototype requires no modifications to either servers or browsers, and makes use of graphical Turing tests, web proxies, and client authentication using the SSL/TLS protocol, all readily supported by modern browsers. We use the WebSOS prototype to conduct a performance evaluation over the Internet using PlanetLab, a testbed for experimentation with network overlays. We determine the end-to-end latency using both a Chord-based approach and our shortcut extension. Our evaluation shows the latency increase by a factor of 7 and 2 respectively, confirming our simulation results.