Mitigation of Application Layer DDoS Flood Attack Against Web Servers

Abstract Website Fingerprinting (WF) allows a passive network adversary to learn the websites that a client visits by analyzing traffic patterns that are unique to each website. It has been recently shown that these attacks are particularly effective against .onion sites, anonymous web servers hosted within the Tor network. Given the sensitive nature of the content of these services, the implications of WF on the Tor network are alarming. Prior work has only considered defenses at the client-side arguing that web servers lack of incentives to adopt countermeasures. Furthermore, most of these defenses have been designed to operate on the stream of network packets, making practical deployment difficult. In this paper, we propose two application-level defenses including the first server-side defense against WF, as .onion services have incentives to support it. The other defense is a lightweight client-side defense implemented as a browser add-on, improving ease of deployment over previous approaches. In our evaluations, the server-side defense is able to reduce WF accuracy on Tor .onion sites from 69.6% to 10% and the client-side defense reduces accuracy from 64% to 31.5%.

Download Full-text

Creation of a DDOS attack using HTTP-GET Flood with the Cyber Kill Chain methodology

ITECKNE Innovación e Investigación en Ingeniería ◽

10.15332/iteckne.v16i1.2160 ◽

2019 ◽

Vol 16 (1) ◽

pp. 41-47

Author(s):

Jeferson Eleazar Martínez-Lozano ◽

Pedro Sandino Atencio-Ortiz

Keyword(s):

Web Application ◽

The Internet ◽

Application Layer ◽

Web Servers ◽

Ddos Attack ◽

Internet Application ◽

Cyber Kill Chain

This article illustrates by means of a demonstration and taking advantage of the vulnerability “Open redirect”, how easy it can be to attack web servers through distributed attacks of denial of services. In it, the Cyber Kill Chain® model is used to carry out this attack in phases. In the development of the research, a systematic UFONet tool is applied and the results obtained are analyzed and it is recommended to protect the Internet application services of said attacks through web application firewalls (WAF) whose presence allows the DDoS traffic of the application layer (including the HTTP-GET flood) arrives effortlessly at the destination server.

Download Full-text

Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling

Computer Networks ◽

10.1016/j.comnet.2017.03.018 ◽

2017 ◽

Vol 121 ◽

pp. 25-36 ◽

Cited By ~ 31

Author(s):

Hossein Hadian Jazi ◽

Hugo Gonzalez ◽

Natalia Stakhanova ◽

Ali A. Ghorbani

Keyword(s):

Application Layer ◽

Dos Attacks ◽

Web Servers

Download Full-text

Suspicious Score Based Mechanism to Protect Web Servers against Application Layer Distributed Denial of Service Attacks

International Journal of Intelligent Engineering and Systems ◽

10.22266/ijies2017.0831.16 ◽

2017 ◽

Vol 10 (4) ◽

pp. 147-156 ◽

Cited By ~ 1

Author(s):

Renuka Devi Saravanan Renuka Devi Saravanan ◽

◽

Shyamala Loganathan ◽

Saraswathi Shunmuganathan ◽

Yogesh Palanichamy ◽

...

Keyword(s):

Denial Of Service ◽

Denial Of Service Attacks ◽

Distributed Denial Of Service ◽

Application Layer ◽

Web Servers

Download Full-text

Network anomaly detection for protecting web services from the application layer bandwidth flooding attack

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.11154 ◽

2018 ◽

Vol 7 (2) ◽

pp. 907

Author(s):

K V Raghavender ◽

Dr P.Premchand

Keyword(s):

Web Services ◽

Anomaly Detection ◽

Application Layer ◽

Web Servers ◽

Flooding Attack ◽

Business Web ◽

Network Anomaly Detection ◽

Swarm Activity ◽

Spine Movement ◽

The Web

Web servers are generally situated in an efficient server center where these servers associate with the outside Web straightforwardly through spines. In the interim, the application layer Bandwidth flooding attack (ALBFA) assaults are basic dangers to the Web, especially to those business web servers. As of now, there are a few strategies intended to deal with the ALBFA assaults, however the greater part of them can't be utilized as a part of substantial spines. In this paper, we propound another technique namely BFADM to identify ALBFA assaults. Our work separates itself from past techniques by considering ALBFA assault discovery in overwhelming spine movement. Moreover, the recognition of ALBFA assaults is effortlessly deceived by streak swarm activity. Keeping in mind the end goal to beat this issue, our propounded technique develops a Constant Recurrence Vector and genuine opportune describes the movement as an arrangement of models. By looking at the entropy of ALBFA assaults and blaze swarms, these models can be utilized to perceive the genuine ALBFA assaults. We coordinate the above discovery standards into a modularized resistance design, which comprises of a head-end sensor, an identification module and an activity channel. With a quick ALBFA discovery speed, the channel is equipped for letting the true blue demands through however the assault movement is ceased.

Download Full-text

Authentication of GNSS Orbital and Clock Parameters at Android Application Layer

Proceedings of the 32nd International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2019) ◽

10.33012/2019.16985 ◽

2019 ◽

Author(s):

P. Crosta ◽

H. Serruys ◽

T. Watterton ◽

G. Galluzzo ◽

R. Lucas

Keyword(s):

Android Application ◽

Application Layer

Download Full-text

New Type of Computational Devices: The Embedded Controlling Built-in Micro Web-Servers

Telecommunications and Radio Engineering ◽

10.1615/telecomradeng.v62.i5.90 ◽

2004 ◽

Vol 62 (1-6) ◽

pp. 485-496

Author(s):

A. V. Agranovskiy ◽

N. Yu. Polushkin ◽

S. V. Khristich

Keyword(s):

Web Servers ◽

New Type

Download Full-text

HULK and DDoS Attacks in Web Applications with Detection Mechanism

International Journal of Emerging Research in Management and Technology ◽

10.23956/ijermt.v6i6.268 ◽

2018 ◽

Vol 6 (6) ◽

pp. 192

Author(s):

Amit Sharma

Keyword(s):

Web Applications ◽

Denial Of Service ◽

Single Server ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Application Layer ◽

Detection Mechanism ◽

Plan Execution ◽

Social Affair ◽

Server Application

Distributed Denial of Service attacks are significant dangers these days over web applications and web administrations. These assaults pushing ahead towards application layer to procure furthermore, squander most extreme CPU cycles. By asking for assets from web benefits in gigantic sum utilizing quick fire of solicitations, assailant robotized programs use all the capacity of handling of single server application or circulated environment application. The periods of the plan execution is client conduct checking and identification. In to beginning with stage by social affair the data of client conduct and computing individual user’s trust score will happen and Entropy of a similar client will be ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of first stage, in recognition stage, variety in entropy will be watched and malevolent clients will be recognized. Rate limiter is additionally acquainted with stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovery also, hindering the unapproved client from assaulting the framework.

Download Full-text