Abstract
Denial-of-service attacks present a serious threat to the availability of online services. Distributed attackers, i.e. botnets, are capable of exhausting the server capacity with legitimate-looking requests. Such attacks are difficult to defend against using traditional filtering mechanisms. We propose a machine learning and filtering system that forms a profile of normal client behavior based on normal traffic features and, during an attack, optimizes capacity allocation for legitimate clients based on the profile. The proposed defense mechanism is evaluated using simulations based on real-life server usage patterns. The simulations indicate that the mechanism is capable of mitigating an overwhelming server capacity exhaustion DDoS attack. During attacks where a botnet floods a server with legitimate-looking requests, over 80 percent of the legitimate clients are still served, even on servers that are heavily loaded to begin with. An implementation of the mechanism is tested using synthetic HTTP attack traffic, also with encouraging results.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Cai, X., Heidemann, J.: Understanding block-level address usage in the visible internet. ACM SIGCOMM Computer Communication Review 40(4), 99–110 (2010)
Collins, M., Reiter, M.: An empirical analysis of target-resident DoS filters. In: Proceedings of the 2004 IEEE Symposium on Security and Privacy (2004)
Cormode, G., Korn, F., Muthukrishnan, S., Srivastava, D.: Finding hierarchical heavy hitters in data streams. In: Proceedings of the 29th International Conference on Very large Data Bases, VLDB 2003, vol. 29 (2003)
Cormode, G., Korn, F., Muthukrishnan, S., Srivastava, D.: Finding hierarchical heavy hitters in streaming data. ACM Trans. Knowl. Discov. Data 1(4) (February 2008)
Dixon, C., Anderson, T., Krishnamurthy, A.: Phalanx: Withstanding multimillion-node botnets. In: Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2008 (2008)
Ferguson, P., Senie, D.: Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing. RFC 2827 (Best Current Practice) (May 2000)
Hussain, A., Heidemann, J., Papadopoulos, C.: A framework for classifying denial of service attacks. In: Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM 2003 (2003)
Ioannidis, J., Bellovin, S.: Implementing pushback: Router-based defense against DDoS attacks. In: Proceedings of Network and Distributed System Security Symposium, vol. 2 (2002)
Jin, C., Wang, H., Shin, K.G.: Hop-count filtering: an effective defense against spoofed DDoS traffic. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003 (2003)
Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: Proceedings of the 2005 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 217–228. ACM (2005)
Liao, Q., Cieslak, D.A., Striegel, A.D., Chawla, N.V.: Using selective, short-term memory to improve resilience against DDoS exhaustion attacks. Security and Communication Networks 1(4) (2008)
Lin, C.-H., Liu, J.-C., Jiang, F.-C., Kuo, C.-T.: An effective priority queue-based scheme to alleviate malicious packet flows from distributed DoS attacks. In: International Conference on Intelligent Information Hiding and Multimedia Signal Processing, IIHMSP 2008 (August 2008)
Peng, T., Leckie, C., Ramamohanarao, K.: Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput. Surv. 39 (April 2007)
Ranjan, S., Swaminathan, R., Uysal, M., Knightly, E.: DDoS-resilient scheduling to counter application layer attacks under imperfect detection. In: Proceedings of the 25th IEEE International Conference on Computer Communications, INFOCOM 2006 (April 2006)
Sekar, V., Duffield, N., Spatscheck, O., van der Merwe, J., Zhang, H.: LADS: large-scale automated DDoS detection system. In: Proceedings of the Annual Conference on USENIX 2006 Annual Technical Conference, ATEC 2006 (2006)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Kalliola, A., Aura, T., Šćepanović, S. (2014). Denial-of-Service Mitigation for Internet Services. In: Bernsmed, K., Fischer-Hübner, S. (eds) Secure IT Systems. NordSec 2014. Lecture Notes in Computer Science(), vol 8788. Springer, Cham. https://doi.org/10.1007/978-3-319-11599-3_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-11599-3_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11598-6
Online ISBN: 978-3-319-11599-3
eBook Packages: Computer ScienceComputer Science (R0)