ConnectionScore: a statistical technique to resist application-layer DDoS attacks

Authors: Hakem Beitollahi, Geert Deconinck

DOI: 10.1007/S12652-013-0196-5

Keywords: Internet protocol suite, Application layer DDoS attack, Intrusion detection system, Computer science, Computer security, traceroute, Denial-of-service attack, Attack time, Application layer

Abstract: In an application-layer distributed denial of service (DDoS) attack, zombie machines send a large number of legitimate requests to the victim server. Since these requests have legitimate formats and are sent through normal TCP connections, intrusion detection systems cannot detect them. In these attacks, the adversary does not saturate the bandwidth of the server through inbound traffic, but through outbound traffic. The next aim of the adversary is to consume and exhaust computational resources (e.g., CPU cycles), memory resources, the TCP/IP stack, input/output devices, etc. This paper proposes a novel scheme, which is called ConnectionScore, to resist such DDoS attacks. During attack time, any connection is scored based on history and statistical analysis that has been done during the normal condition. The bottleneck resources are retaken from those connections that take lower scores. Our analysis shows that connections established by the adversary give low scores. In fact, the technique can estimate the legitimacy of connections with high probability. The rate of suspicious connections being dropped is adjusted based on the current level of overload of the server and a threshold-level of free resources. To evaluate the performance of the scheme, we perform experiments in the Emulab environment using real traceroute data from the ClarkNet WWW server (http://ita.ee.lbl.gov/html/contrib/ClarkNet-HTTP.html).
