A ROBUST MECHANISM FOR DEFENDING
DISTRIBUTED DENIAL OF SERVICE ATTACKS ON
WEB SERVERS
Jaydip Sen
Innovation Labs, Tata Consultancy Services Ltd.,
Bengal Intelligent Park, Salt Lake Electronic Complex, Kolkata, INDIA
Jaydip.Sen@tcs.com
ABSTRACT
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate state of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying levels of computational and memory overheads for