This paper presents a new mechanism for delivering Quality of Service (QoS) guarantees for web-based applications in the face of Distributed Denial of Service (DDoS) attacks. It accomplishes this by scheduling incoming requests based on a valuation/cost analysis to prioritize and service these requests in a more efficient manner. This research differs from previous works by collaborating with the web server's Operating System (OS) through the use of probes, which provide active feedback of application resource state. Other heuristics that have proven successful in DDoS detection and prevention are also employed in an extensible framework to facilitate site-specific customization. The efficacy of this solution is demonstrated by showing its ability to mitigate several types of application-level DDoS attacks on laboratory test-beds representing commonly deployed web application server configurations.
1. INTRODUCTION
Distributed Denial of Service is a threat that has been researched and addressed significantly at the network communication level. Previous research in this area has produced many techniques [5, 1] to detect and protect against DDoS. Initial attacks were focused on architectural weaknesses in the Internet's communication protocols. In response, commercial offerings that directly integrate into dedicated firewall appliances have been developed to combat network layer threats [16, 17, 26]¹ such as TCP SYN, UDP, and ICMP Flood attacks. With an average of more than 5000 Denial of Service attacks per day [24]¹ and the association of criminal offenses to these activities [25]¹, DDoS continues to be a significant problem.
As DDoS detection and defense evolve [13]¹, attacks have migrated from the network level to the application layer.
¹ These numeric references are incorrect. Add web-based references to bib
Contemporary web sites deliver dynamic, personalized content that is database-driven. CPU cycles
References: ddos attacks. Networks, 2003. ICON2003. The 11th IEEE International Conference on, pages 461–466, 28 Sept.-1 Oct. 2003. Inter. Tech., 7(1):5, 2007. service attacks. Communications and Networking in China, 2006 Conference on, pages 1–5, 25-27 Oct. 2006. Computational Sciences, 2006. IMSCCS '06. First International Multi-Symposiums on, 2:56–63, 20-24 ddos attacks. Networking and Services, 2007. ICNS.