httperf—a tool for measuring web server performance
ACM SIGMETRICS Performance Evaluation Review
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Protecting web servers from distributed denial of service attacks
Proceedings of the 10th international conference on World Wide Web
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
On the use and performance of content distribution networks
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
Handbook of Coding Theory
DNS performance and the effectiveness of caching
IEEE/ACM Transactions on Networking (TON)
LFSR-based Hashing and Authentication
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
A Precise and Efficient Evaluation of the Proximity Between Web Clients and Their Local DNS Servers
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Tracing Anonymous Packets to Their Approximate Source
LISA '00 Proceedings of the 14th USENIX conference on System administration
The effectiveness of request redirection on CDN robustness
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Bounds for binary codes of length less than 25
IEEE Transactions on Information Theory
Resilience in computer systems and networks
Proceedings of the 2009 International Conference on Computer-Aided Design
Content delivery networks: protection or threat?
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Analyzing resiliency of the smart grid communication architectures under cyber attack
CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
DDoS mitigation in content distribution networks
International Journal of Wireless and Mobile Computing
| Hi-index | 0.00 |
Distributed Denial of Service (DDoS) attacks remain a daunting challenge for Internet service providers. Previous work on countering these attacks has focused primarily on attacks at a single server location and the associated network infrastructure. Increasingly, however, high-volume sites are served via content distribution networks (CDNs). In this paper, we propose two mechanisms to withstand and deter DDoS attacks on CDN-hosted Web sites and the CDN infrastructure. First, we present a novel CDN request routing algorithm which allows CDN proxies to effectively distinguish attacks from the requests from actual users. The proposed scheme, based on the keyed hash function, can significantly improve the resilience of CDNs to DDoS attacks. In particular, the resilience of a CDN, consisting of n proxies, becomes O(n^2) with the proposed approach, when compared to a site hosted by a single server. We present performance numbers from a controlled test environment to show that the proposed approach is effective. Second, we introduce novel site allocation algorithms based on the well-established theory on binary codes. The proposed allocation algorithm guarantees an upper bound on the level of service outage of a CDN-hosted site even when a DoS attack on another site on the same CDN has been successful. Together, our schemes significantly improve the resilience of the Web sites hosted by CDNs, and complement other work on countering DoS.