Vulnerable Path Attack and its Detection

  • She, Chuyu (School of Data and Computer Science, Sun Yat-sen University)
  • Wen, Wushao (School of Data and Computer Science, Sun Yat-sen University)
  • Ye, Quanqi (School of Data and Computer Science, Sun Yat-sen University)
  • Zheng, Kesong (School of Data and Computer Science, Sun Yat-sen University)

  • Received: 2016.07.01
  • Accepted: 2017.02.07
  • Published: 2017.04.30

Abstract

Application-layer Distributed Denial-of-Service (DDoS) attacks are one of the leading security problems on the Internet. In recent years, the attack strategies of application-layer DDoS have developed rapidly. This paper introduces a new attack strategy named the Path Vulnerabilities-Based (PVB) attack. In this attack strategy, an attacker first analyzes the contents of web pages and subsequently measures the actual response time of each web page to build a web-resource-weighted directed graph. The attacker then uses a Top M Longest Path algorithm to find M DDoS-vulnerable paths, each of which consumes considerable resources when its pages are accessed sequentially. A detection mechanism for such attacks is also proposed and discussed. A finite-state machine is used to model the dynamic processes of the state of the user's session and to monitor for PVB attacks. Numerical results based on real-traffic simulations reveal the efficiency of the attack strategy and the detection mechanism.

Keywords
