Web Server Protection against Application Layer DDoS Attacks Using Machine Learning and Traffic Authentication

2015 ◽  
Author(s):  
Jema David Ndibwile ◽  
A. Govardhan ◽  
Kazuya Okada ◽  
Youki Kadobayashi
Keyword(s):  
Machine Learning ◽  
Web Server ◽  
Ddos Attacks ◽  
Application Layer

A Defensive OTP-Based Mechanism against Application Layer DDoS Attacks

2011 ◽  
Vol 480-481 ◽  
pp. 769-774
Author(s):  
Xi Ye ◽  
Wu Shao Wen ◽  
Yi Ru Ye
Keyword(s):  
Web Server ◽  
Intermediate Stage ◽  
Time Interval ◽  
Brute Force ◽  
Ddos Attacks ◽  
Application Layer ◽  
Authentication Mechanism ◽  
Client Software ◽  
Replay Attacks ◽  
Brute Force Attack

In this paper, we present the design and implementation of OTP-DEF, a kernel extension to protect web servers against application layer DDoS attacks. OTP-DEF provides authentication by using OTP-based tests, which is different from other systems that use graphical tests. First of all, according to the load of web server, an OTP-DEF web-server should fall into one of three following modes: normal, suspected attack or confirmed attack mode, and the OTP-DEF authentication mechanism shall only be activated when web-server is in suspected attack mode. Secondly, we use OTP as our puzzle, which can automatically change at the certain time interval. It makes our proposal can defend socially-engineered attack, copy attacks, replay attacks and Brute-Force Attack. Thirdly, OTP-DEF uses an intermediate stage to identify the IP addresses that ignore the test, and persistently bombard the server with requests despite repeated failures at solving the puzzles. These machines are zombies because their intent is to congest the server. Once these machines are identified, OTP-DEF blocks their requests, turns the tests off, and allows access to legitimate users who are unable or unwilling to solve tests. Finally, OTP-DEF requires no modifications to client software.

scholarly journals Application Layer DDoS Attack Defense Methods and A new Defense Mechanism against Flooding

2020 ◽  
Vol 8 (6) ◽  
pp. 208-212
Keyword(s):  
Machine Learning ◽  
Defense Mechanisms ◽  
Defense Mechanism ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Network Environment ◽  
Ddos Attacks ◽  
Application Layer ◽  
New Approach ◽  
Ddos Attack

In a network environment, Distributed Denial of Service (DDoS) attacks eemploys a network or server is unavailable to its normal users. Application-layer Distributed Denial of Service (App-DDoS) attacks are serious issues for the webserver itself. The multitude and variety of such attacks and defense approaches are overwhelming. This paper here follows, we analyze the different defense mechanisms for application-layer DDoS attacks and proposes a new approach to defend using machine learning.

Performance Evaluation of Web Server's Request Queue against AL-DDoS Attacks in NS-2

2017 ◽  
Vol 11 (4) ◽  
pp. 29-46
Author(s):  
Manish Kumar ◽  
Abhinav Bhandari
Keyword(s):  
Web Services ◽  
Research Work ◽  
Web Server ◽  
Ddos Attacks ◽  
Application Layer ◽  
Scheduling Policies ◽  
Scheduling Policy ◽  
Flooding Attack ◽  
Queue Scheduling ◽  
Request Queue

As the world is getting increasingly dependent on the Internet, the availability of web services has been a key concern for various organizations. Application Layer DDoS (AL-DDoS) attacks may hamper the availability of web services to the legitimate users by flooding the request queue of the web server. Hence, it is pertinent to focus fundamentally on studying the queue scheduling policies of web server against the HTTP request flooding attack which has been the base of this research work. In this paper, the various types of AL-DDoS attacks launched by exploiting the HTTP protocol have been reviewed. The key aim is to compare the requests queue scheduling policies of web server against HTTP request flooding attack using NS2 simulator. Various simulation scenarios have been presented for comparison, and it has been established that queue scheduling policy can be a significant role player in tolerating the AL-DDoS attacks.

scholarly journals Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Sensors ◽  
2020 ◽  
Vol 20 (14) ◽  
pp. 3820
Author(s):  
Abdul Ghafar Jaafar ◽  
Saiful Adli Ismail ◽  
Mohd Shahidan Abdullah ◽  
Nazri Kama ◽  
Azri Azmi ◽  
...  
Keyword(s):  
Critical Analysis ◽  
Denial Of Service ◽  
Web Server ◽  
Recent Analysis ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Application Layer ◽  
Ddos Attack ◽  
Client Request ◽  
Attack Patterns

Application Layer Distributed Denial of Service (DDoS) attacks are very challenging to detect. The shortfall at the application layer allows formation of HTTP DDoS as the request headers are not compulsory to be attached in an HTTP request. Furthermore, the header is editable, thus providing an attacker with the advantage to execute HTTP DDoS as it contains almost similar request header that can emulate a genuine client request. To the best of the authors’ knowledge, there are no recent studies that provide forged request headers pattern with the execution of the current HTTP DDoS attack scripts. Besides that, the current dataset for HTTP DDoS is not publicly available which leads to complexity for researchers to disclose false headers, causing them to rely on old dataset rather than more current attack patterns. Hence, this study conducted an analysis to disclose forged request headers patterns created by HTTP DDoS. The results of this study successfully disclose eight forged request headers patterns constituted by HTTP DDoS. The analysis was executed by using actual machines and eight real attack scripts which are capable of overwhelming a web server in a minimal duration. The request headers patterns were explained supported by a critical analysis to provide the outcome of this paper.

HULK and DDoS Attacks in Web Applications with Detection Mechanism

2018 ◽  
Vol 6 (6) ◽  
pp. 192
Author(s):  
Amit Sharma
Keyword(s):  
Web Applications ◽  
Denial Of Service ◽  
Single Server ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Application Layer ◽  
Detection Mechanism ◽  
Plan Execution ◽  
Social Affair ◽  
Server Application

Distributed Denial of Service attacks are significant dangers these days over web applications and web administrations. These assaults pushing ahead towards application layer to procure furthermore, squander most extreme CPU cycles. By asking for assets from web benefits in gigantic sum utilizing quick fire of solicitations, assailant robotized programs use all the capacity of handling of single server application or circulated environment application. The periods of the plan execution is client conduct checking and identification. In to beginning with stage by social affair the data of client conduct and computing individual user’s trust score will happen and Entropy of a similar client will be ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of first stage, in recognition stage, variety in entropy will be watched and malevolent clients will be recognized. Rate limiter is additionally acquainted with stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovery also, hindering the unapproved client from assaulting the framework.

Sign in / Sign up

Export Citation Format

Share Document