Abstract
Denial of Service (DoS) attacks overwhelm online services, preventing legitimate users from accessing a service, often with impact on revenue or consumer trust. Approaches exist to filter network-level attacks, but application-level attacks are harder to detect at the firewall. Filtering at this level can be computationally expensive and difficult to scale, while still producing false positives that block legitimate users.
This article presents a model-based adaptive architecture and algorithm for detecting DoS attacks at the web application level and mitigating them. Using a performance model to predict the impact of arriving requests, a decision engine adaptively generates rules for filtering traffic and sending suspicious traffic for further review, where the end user is given the opportunity to demonstrate they are a legitimate user. If no legitimate user responds to the challenge, the request is dropped. Experiments performed on a scalable implementation demonstrate effective mitigation of attacks launched using a real-world DoS attack tool.
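As an added illustration of the decision loop the abstract describes (example code, not the article's own implementation), the following Python sketch stands a constructed per-URL service-demand table in for the performance model, diverts the sources whose predicted load would saturate the server to a challenge step, admits sources that answer the challenge, and drops those that stay silent. The demand table, the saturation threshold, the window length and the silence limit are all assumptions.

```python
from collections import Counter

# Constructed per-URL CPU demand (seconds per request). In the article this
# comes from the performance model; here a fixed table stands in for it.
SERVICE_DEMAND = {"/": 0.002, "/search": 0.05, "/report": 0.40}
DEFAULT_DEMAND = 0.05
UTIL_LIMIT = 0.85      # assumed utilisation above which the server saturates
MAX_UNANSWERED = 2     # assumed windows a challenged source may stay silent

class DecisionEngine:
    """Adaptive filter over one-second observation windows (assumed length)."""
    def __init__(self):
        self.verified = set()   # sources that solved a challenge
        self.silent = {}        # challenged source -> windows without an answer
        self.dropped = set()

    def decide(self, requests, answered):
        """requests: list of (source, url) in this window; answered: sources that
        solved a pending challenge. Returns ({source: verdict}, predicted
        utilisation of admitted traffic); verdict is pass, challenge or drop."""
        for src in answered:                 # a human responded: admit from now on
            self.verified.add(src)
            self.silent.pop(src, None)
        for src in list(self.silent):        # nobody responded: drop the source
            self.silent[src] += 1
            if self.silent[src] > MAX_UNANSWERED:
                self.dropped.add(src)
                del self.silent[src]
        load = Counter()                     # predicted CPU load per source
        for src, url in requests:
            load[src] += SERVICE_DEMAND.get(url, DEFAULT_DEMAND)
        verdict, util = {}, 0.0
        for src in load:
            if src in self.dropped:
                verdict[src] = "drop"
            elif src in self.silent:
                verdict[src] = "challenge"   # still awaiting the review step
            else:
                verdict[src] = "pass"
                util += load[src]
        # Model predicts saturation: divert the heaviest unverified sources to
        # the challenge until the admitted load fits under the limit.
        for src, cost in load.most_common():
            if util <= UTIL_LIMIT:
                break
            if verdict[src] == "pass" and src not in self.verified:
                verdict[src] = "challenge"
                self.silent.setdefault(src, 0)
                util -= cost
        return verdict, util
```

Feeding the engine one window of requests at a time reproduces the behaviour the abstract describes: a heavy source is challenged rather than blocked outright, a source that answers is admitted even if it stays heavy, and a source that never answers is dropped after the silence limit.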
Index Terms: Mitigating DoS Attacks Using Performance Model-Driven Adaptive Algorithms