Performance Evaluation of Web Server's Request Queue against AL-DDoS Attacks in NS-2

2017 ◽  
Vol 11 (4) ◽  
pp. 29-46
Author(s):  
Manish Kumar ◽  
Abhinav Bhandari
Keyword(s):  
Web Services ◽  
Research Work ◽  
Web Server ◽  
Ddos Attacks ◽  
Application Layer ◽  
Scheduling Policies ◽  
Scheduling Policy ◽  
Flooding Attack ◽  
Queue Scheduling ◽  
Request Queue

As the world is getting increasingly dependent on the Internet, the availability of web services has been a key concern for various organizations. Application Layer DDoS (AL-DDoS) attacks may hamper the availability of web services to the legitimate users by flooding the request queue of the web server. Hence, it is pertinent to focus fundamentally on studying the queue scheduling policies of web server against the HTTP request flooding attack which has been the base of this research work. In this paper, the various types of AL-DDoS attacks launched by exploiting the HTTP protocol have been reviewed. The key aim is to compare the requests queue scheduling policies of web server against HTTP request flooding attack using NS2 simulator. Various simulation scenarios have been presented for comparison, and it has been established that queue scheduling policy can be a significant role player in tolerating the AL-DDoS attacks.

Performance Evaluation of Web Server's Request Queue against AL-DDoS Attacks in NS-2

2021 ◽  
pp. 282-301
Author(s):  
Manish Kumar ◽  
Abhinav Bhandari
Keyword(s):  
Web Services ◽  
Research Work ◽  
Web Server ◽  
Ddos Attacks ◽  
Scheduling Policies ◽  
Scheduling Policy ◽  
Flooding Attack ◽  
Queue Scheduling ◽  
Request Queue ◽  
Ns2 Simulator

As the world is getting increasingly dependent on the Internet, the availability of web services has been a key concern for various organizations. Application Layer DDoS (AL-DDoS) attacks may hamper the availability of web services to the legitimate users by flooding the request queue of the web server. Hence, it is pertinent to focus fundamentally on studying the queue scheduling policies of web server against the HTTP request flooding attack which has been the base of this research work. In this paper, the various types of AL-DDoS attacks launched by exploiting the HTTP protocol have been reviewed. The key aim is to compare the requests queue scheduling policies of web server against HTTP request flooding attack using NS2 simulator. Various simulation scenarios have been presented for comparison, and it has been established that queue scheduling policy can be a significant role player in tolerating the AL-DDoS attacks.

A Defensive OTP-Based Mechanism against Application Layer DDoS Attacks

2011 ◽  
Vol 480-481 ◽  
pp. 769-774
Author(s):  
Xi Ye ◽  
Wu Shao Wen ◽  
Yi Ru Ye
Keyword(s):  
Web Server ◽  
Intermediate Stage ◽  
Time Interval ◽  
Brute Force ◽  
Ddos Attacks ◽  
Application Layer ◽  
Authentication Mechanism ◽  
Client Software ◽  
Replay Attacks ◽  
Brute Force Attack

In this paper, we present the design and implementation of OTP-DEF, a kernel extension to protect web servers against application layer DDoS attacks. OTP-DEF provides authentication by using OTP-based tests, which is different from other systems that use graphical tests. First of all, according to the load of web server, an OTP-DEF web-server should fall into one of three following modes: normal, suspected attack or confirmed attack mode, and the OTP-DEF authentication mechanism shall only be activated when web-server is in suspected attack mode. Secondly, we use OTP as our puzzle, which can automatically change at the certain time interval. It makes our proposal can defend socially-engineered attack, copy attacks, replay attacks and Brute-Force Attack. Thirdly, OTP-DEF uses an intermediate stage to identify the IP addresses that ignore the test, and persistently bombard the server with requests despite repeated failures at solving the puzzles. These machines are zombies because their intent is to congest the server. Once these machines are identified, OTP-DEF blocks their requests, turns the tests off, and allows access to legitimate users who are unable or unwilling to solve tests. Finally, OTP-DEF requires no modifications to client software.

scholarly journals Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Sensors ◽  
2020 ◽  
Vol 20 (14) ◽  
pp. 3820
Author(s):  
Abdul Ghafar Jaafar ◽  
Saiful Adli Ismail ◽  
Mohd Shahidan Abdullah ◽  
Nazri Kama ◽  
Azri Azmi ◽  
...  
Keyword(s):  
Critical Analysis ◽  
Denial Of Service ◽  
Web Server ◽  
Recent Analysis ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Application Layer ◽  
Ddos Attack ◽  
Client Request ◽  
Attack Patterns

Application Layer Distributed Denial of Service (DDoS) attacks are very challenging to detect. The shortfall at the application layer allows formation of HTTP DDoS as the request headers are not compulsory to be attached in an HTTP request. Furthermore, the header is editable, thus providing an attacker with the advantage to execute HTTP DDoS as it contains almost similar request header that can emulate a genuine client request. To the best of the authors’ knowledge, there are no recent studies that provide forged request headers pattern with the execution of the current HTTP DDoS attack scripts. Besides that, the current dataset for HTTP DDoS is not publicly available which leads to complexity for researchers to disclose false headers, causing them to rely on old dataset rather than more current attack patterns. Hence, this study conducted an analysis to disclose forged request headers patterns created by HTTP DDoS. The results of this study successfully disclose eight forged request headers patterns constituted by HTTP DDoS. The analysis was executed by using actual machines and eight real attack scripts which are capable of overwhelming a web server in a minimal duration. The request headers patterns were explained supported by a critical analysis to provide the outcome of this paper.

scholarly journals Network anomaly detection for protecting web services from the application layer bandwidth flooding attack

2018 ◽  
Vol 7 (2) ◽  
pp. 907
Author(s):  
K V Raghavender ◽  
Dr P.Premchand
Keyword(s):  
Web Services ◽  
Anomaly Detection ◽  
Application Layer ◽  
Web Servers ◽  
Flooding Attack ◽  
Business Web ◽  
Network Anomaly Detection ◽  
Swarm Activity ◽  
Spine Movement ◽  
The Web

Web servers are generally situated in an efficient server center where these servers associate with the outside Web straightforwardly through spines. In the interim, the application layer Bandwidth flooding attack (ALBFA) assaults are basic dangers to the Web, especially to those business web servers. As of now, there are a few strategies intended to deal with the ALBFA assaults, however the greater part of them can't be utilized as a part of substantial spines. In this paper, we propound another technique namely BFADM to identify ALBFA assaults. Our work separates itself from past techniques by considering ALBFA assault discovery in overwhelming spine movement. Moreover, the recognition of ALBFA assaults is effortlessly deceived by streak swarm activity. Keeping in mind the end goal to beat this issue, our propounded technique develops a Constant Recurrence Vector and genuine opportune describes the movement as an arrangement of models. By looking at the entropy of ALBFA assaults and blaze swarms, these models can be utilized to perceive the genuine ALBFA assaults. We coordinate the above discovery standards into a modularized resistance design, which comprises of a head-end sensor, an identification module and an activity channel. With a quick ALBFA discovery speed, the channel is equipped for letting the true blue demands through however the assault movement is ceased.  

scholarly journals Mechanism to Mitigate Application Layer DDoS Attack with a Light Weight Trust Approach

2013 ◽  
pp. 34-41
Author(s):  
M. Jhansi ◽  
M. Radha ◽  
B. Simmi
Keyword(s):  
Trust Management ◽  
Partial Solution ◽  
Light Weight ◽  
Ddos Attacks ◽  
Application Layer ◽  
Flooding Attack ◽  
Ddos Attack ◽  
Business Operations ◽  
Replay Attacks ◽  
Trust Information

New application layer DDoS attacks is a continuous critical threat to which network layer solutions is not applicable as attackers are indistinguishable based on packets or protocols. The increase in Internet-based transactions and communications offers new opportunities for hackers to disrupt business operations with DDoS attacks to prevent legitimate users from accessing services. In this paper, we propose Trust Management Helmet (TMH) as a partial solution to this problem, which is a lightweight mitigation mechanism that uses trust to differentiate legitimate users and attackers. Its key insight is that to protecting the connectivity of good users during application layer DDoS attacks, evaluation is based on their visiting history, and used to schedule the service to their requests. This paper introduces a license, for user identification (even beyond NATs) and storing the trust information at clients. The license is cryptographically secured against forgery or replay attacks. This mitigation mechanism and implement it as a Java package and use it for simulation. Through simulation, we show that TMH is effective in mitigating session flooding attack.

HULK and DDoS Attacks in Web Applications with Detection Mechanism

2018 ◽  
Vol 6 (6) ◽  
pp. 192
Author(s):  
Amit Sharma
Keyword(s):  
Web Applications ◽  
Denial Of Service ◽  
Single Server ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Application Layer ◽  
Detection Mechanism ◽  
Plan Execution ◽  
Social Affair ◽  
Server Application

Distributed Denial of Service attacks are significant dangers these days over web applications and web administrations. These assaults pushing ahead towards application layer to procure furthermore, squander most extreme CPU cycles. By asking for assets from web benefits in gigantic sum utilizing quick fire of solicitations, assailant robotized programs use all the capacity of handling of single server application or circulated environment application. The periods of the plan execution is client conduct checking and identification. In to beginning with stage by social affair the data of client conduct and computing individual user’s trust score will happen and Entropy of a similar client will be ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of first stage, in recognition stage, variety in entropy will be watched and malevolent clients will be recognized. Rate limiter is additionally acquainted with stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovery also, hindering the unapproved client from assaulting the framework.

Sign in / Sign up

Export Citation Format

Share Document