Mitigating DoS Attacks Using Performance Model-Driven Adaptive Algorithms

Published: 01 March 2014

Abstract

Denial of Service (DoS) attacks overwhelm online services, preventing legitimate users from accessing a service, often with impact on revenue or consumer trust. Approaches exist to filter network-level attacks, but application-level attacks are harder to detect at the firewall. Filtering at this level can be computationally expensive and difficult to scale, while still producing false positives that block legitimate users.

This article presents a model-based adaptive architecture and algorithm for detecting DoS attacks at the web application level and mitigating them. Using a performance model to predict the impact of arriving requests, a decision engine adaptively generates rules for filtering traffic and sending suspicious traffic for further review, where the end user is given the opportunity to demonstrate they are a legitimate user. If no legitimate user responds to the challenge, the request is dropped. Experiments performed on a scalable implementation demonstrate effective mitigation of attacks launched using a real-world DoS attack tool.

Published in

ACM Transactions on Autonomous and Adaptive Systems, Volume 9, Issue 1
March 2014
121 pages
ISSN: 1556-4665
EISSN: 1556-4703
DOI: 10.1145/2597760

Copyright © 2014 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Received: 1 April 2013
• Accepted: 1 December 2013
• Revised: 1 January 2014
• Published: 1 March 2014

Qualifiers

• research-article
• Research
• Refereed
