首页    期刊浏览 2024年12月05日 星期四
登录注册

文章基本信息

  • 标题:A Robust Mechanism For Defending Distributed Denial Of Service Attacks On Web Servers
  • 本地全文:下载
  • 作者:Jaydip Sen ; Innovation Lab
  • 期刊名称:International Journal of Network Security & Its Applications
  • 印刷版ISSN:0975-2307
  • 电子版ISSN:0974-9330
  • 出版年度:2011
  • 卷号:3
  • 期号:2
  • DOI:10.5121/ijnsa.2011.3213
  • 出版社:Academy & Industry Research Collaboration Center (AIRCC)
  • 摘要:Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate sate of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of computational and memory overheads for their execution. While the approximate modules are fast in detection and involve less overhead, they provide lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defense mechanism against DDoS attacks.
  • 关键词:Distributed denial of service (DDoS); traffic flow; buffer; Poisson arrival
国家哲学社会科学文献中心版权所有