Vulnerable Path Attack and its Detection

• Chuyu She,
• Wushao Wen,
• Quanqi Ye,
• Kesong Zheng,

Vol. 11, No. 4, April 29, 2017
10.3837/tiis.2017.04.018, Download Paper (Free):

• Application-layer DDoS attack
• Path vulnerabilities-based attack
• Web-resource-weighted-directed graph
• Top M longest path algorithm
• Finite-state machine

Abstract

Application-layer Distributed Denial-of-Service (DDoS) attack is one of the leading security problems in the Internet. In recent years, the attack strategies of application-layer DDoS have rapidly developed. This paper introduces a new attack strategy named Path Vulnerabilities-Based (PVB) attack. In this attack strategy, an attacker first analyzes the contents of web pages and subsequently measures the actual response time of each webpage to build a web-resource-weighted-directed graph. The attacker uses a Top M Longest Path algorithm to find M DDoS vulnerable paths that consume considerable resources when sequentially accessing the pages following any of those paths. A detection mechanism for such attack is also proposed and discussed. A finite-state machine is used to model the dynamical processes for the state of the user’s session and monitor the PVB attacks. Numerical results based on real-traffic simulations reveal the efficiency of the attack strategy and the detection mechanism.

Statistics

Cite this article