• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Defending HTTP Web Servers against DDoS Attacks through Busy Period-based Attack Flow Detection


Abstract

We propose a new Distributed Denial of Service (DDoS) defense mechanism that protects http web servers from application-level DDoS attacks based on the two methodologies: whitelist-based admission control and busy period-based attack flow detection. The attack flow detection mechanism detects attach flows based on the symptom or stress at the server, since it is getting more difficult to identify bad flows only based on the incoming traffic patterns. The stress is measured by the time interval during which a given client makes the server busy, referred to as a client-induced server busy period (CSBP). We also need to protect the servers from a sudden surge of attack flows even before the malicious flows are identified by the attack flow detection mechanism. Thus, we use whitelist-based admission control mechanism additionally to control the load on the servers. We evaluate the performance of the proposed scheme via simulation and experiment. The simulation results show that our defense system can mitigate DDoS attacks effectively even under a large number of attack flows, on the order of thousands, and the experiment results show that our defense system deployed on a linux machine is sufficiently lightweight to handle packets arriving at a rate close to the link rate.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
S. Y. Nam and S. Djuraev, "Defending HTTP Web Servers against DDoS Attacks through Busy Period-based Attack Flow Detection," KSII Transactions on Internet and Information Systems, vol. 8, no. 7, pp. 2512-2531, 2014. DOI: 10.3837/tiis.2014.07.018.

[ACM Style]
Seung Yeob Nam and Sirojiddin Djuraev. 2014. Defending HTTP Web Servers against DDoS Attacks through Busy Period-based Attack Flow Detection. KSII Transactions on Internet and Information Systems, 8, 7, (2014), 2512-2531. DOI: 10.3837/tiis.2014.07.018.

[BibTeX Style]
@article{tiis:20571, title="Defending HTTP Web Servers against DDoS Attacks through Busy Period-based Attack Flow Detection", author="Seung Yeob Nam and Sirojiddin Djuraev and ", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2014.07.018}, volume={8}, number={7}, year="2014", month={July}, pages={2512-2531}}