Openly accessible

CALD : surviving various application-layer DDoS attacks that mimic flash crowd

Wen, Sheng, Jia, Weijia, Zhou, Wei, Zhou, Wanlei and Xu, Chuan 2010, CALD : surviving various application-layer DDoS attacks that mimic flash crowd, in NSS 2010 : Proceedings of the 4th International Conference on Network and System Security, IEEE, Piscataway, N.J., pp. 247-254.

Attached Files
Name Description MIMEType Size Downloads
zhou-caldsurviving-2010.pdf Published version application/pdf 294.77KB 372

Title CALD : surviving various application-layer DDoS attacks that mimic flash crowd
Author(s) Wen, Sheng
Jia, Weijia
Zhou, Wei
Zhou, Wanlei
Xu, Chuan
Conference name International Conference on Network and System Security (4th : 2010 : Melbourne, Vic.)
Conference location Melbourne, Vic.
Conference dates 1-3 Sep. 2010
Title of proceedings NSS 2010 : Proceedings of the 4th International Conference on Network and System Security
Editor(s) Xiang, Yang
Samarati, Pierangela
Hu, Jiankun
Zhou, Wanlei
Sadeghi, Ahmad-Reza
Publication date 2010
Conference series Network and System Security International Conference
Start page 247
End page 254
Total pages 8
Publisher IEEE
Place of publication Piscataway, N.J.
Keyword(s) DDoS
application-layer
Kalman Filter
information theory
Summary Distributed denial of service (DDoS) attack is a continuous critical threat to the Internet. Derived from the low layers, new application-layer-based DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. The case may be more serious when such attacks mimic or occur during the flash crowd event of a popular Website. In this paper, we present the design and implementation of CALD, an architectural extension to protect Web servers against various DDoS attacks that masquerade as flash crowds. CALD provides real-time detection using mess tests but is different from other systems that use resembling methods. First, CALD uses a front-end sensor to monitor the traffic that may contain various DDoS attacks or flash crowds. Intense pulse in the traffic means possible existence of anomalies because this is the basic property of DDoS attacks and flash crowds. Once abnormal traffic is identified, the sensor sends ATTENTION signal to activate the attack detection module. Second, CALD dynamically records the average frequency of each source IP and checks the total mess extent. Theoretically, the mess extent of DDoS attacks is larger than the one of flash crowds. Thus, with some parameters from the attack detection module, the filter is capable of letting the legitimate requests through but the attack traffic stopped. Third, CALD may divide the security modules away from the Web servers. As a result, it keeps maximum performance on the kernel web services, regardless of the harassment from DDoS. In the experiments, the records from www.sina.com and www.taobao.com have proved the value of CALD.
Notes This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.
ISBN 9780769541594
Language eng
Field of Research 080503 Networking and Communications
Socio Economic Objective 970108 Expanding Knowledge in the Information and Computing Sciences
HERDC Research category E1 Full written paper - refereed
HERDC collection year 2010
Copyright notice ©2010, by The Institute of Electrical and Electronics Engineers, Inc. All rights reserved
Persistent URL http://hdl.handle.net/10536/DRO/DU:30033643

Document type: Conference Paper
Collections: School of Information Technology
Open Access Collection
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Every reasonable effort has been made to ensure that permission has been obtained for items included in DRO. If you believe that your rights have been infringed by this repository, please contact drosupport@deakin.edu.au.

Access Statistics: 237 Abstract Views, 382 File Downloads  -  Detailed Statistics
Created: Fri, 25 Mar 2011, 15:28:25 EST by Sandra Dunoon
