Research Article

A Practical Approach and Mitigation Techniques on Application Layer DDoS Attack in Web Server

by Muhammad Yeasir Arafat, Muhammad Morshed Alam, Mohammad Fakrul Alam
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 131 - Number 1
Year of Publication: 2015
Authors: Muhammad Yeasir Arafat, Muhammad Morshed Alam, Mohammad Fakrul Alam
DOI: 10.5120/ijca2015907209

Muhammad Yeasir Arafat, Muhammad Morshed Alam, Mohammad Fakrul Alam. A Practical Approach and Mitigation Techniques on Application Layer DDoS Attack in Web Server. International Journal of Computer Applications. 131, 1 (December 2015), 13-20. DOI=10.5120/ijca2015907209

@article{ 10.5120/ijca2015907209,
author = { Muhammad Yeasir Arafat, Muhammad Morshed Alam, Mohammad Fakrul Alam },
title = { A Practical Approach and Mitigation Techniques on Application Layer DDoS Attack in Web Server },
journal = { International Journal of Computer Applications },
issue_date = { December 2015 },
volume = { 131 },
number = { 1 },
month = { December },
year = { 2015 },
issn = { 0975-8887 },
pages = { 13-20 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume131/number1/23412-2015907209/ },
doi = { 10.5120/ijca2015907209 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:26:05.000643+05:30
%A Muhammad Yeasir Arafat
%A Muhammad Morshed Alam
%A Mohammad Fakrul Alam
%T A Practical Approach and Mitigation Techniques on Application Layer DDoS Attack in Web Server
%J International Journal of Computer Applications
%@ 0975-8887
%V 131
%N 1
%P 13-20
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Denial of Service (DoS) or Distributed Denial of Service (DDoS) is a powerful attack that prevents a system from providing services to its legitimate users. Several approaches exist to filter network-level attacks, but application-level attacks are harder to detect at the host-based firewall. Filtering at the application level can be computationally expensive and difficult to scale, while still producing false positives that block legitimate users. In this paper, the authors demonstrate application-layer DoS attacks against an HTTP web server using some open source DoS attack tools, and suggest some realistic mechanisms that can protect a web server from application-level DoS attacks, especially attacks targeting the resources of the victim server, including CPU, sockets and memory. The authors propose a new DDoS defense mechanism, based on a reverse proxy, that protects HTTP web servers from application-level DDoS attacks. The attack flow detection mechanism detects attack flows based on the symptoms or stress at the server, since it is becoming more difficult to identify bad flows based only on incoming traffic patterns. Wireshark, a popular network protocol analyzer, is used to capture packets on the victim server's Ethernet interface during a DoS attack in order to detect the attacking host's IP address and analyze the types of attack. We evaluate the performance of the proposed scheme via experiment.

Index Terms

Computer Science
Information Sciences

Keywords

HTTP TCP Slowloris OWASP OSI layer attack Nginx fail2ban IPtables.