IEICE Transactions on Information and Systems
Online ISSN : 1745-1361
Print ISSN : 0916-8532
Special Section on Information and Communication System Security
Trustworthy DDoS Defense: Design, Proof of Concept Implementation and Testing
Mohamad Samir A. EID, Hitoshi AIDA

Volume E100.D (2017) Issue 8 Pages 1738-1750

Abstract

Distributed Denial of Service (DDoS) attacks based on HTTP and HTTPS (i.e., HTTP(S)-DDoS) are increasingly popular among attackers. Overlay-based mitigation solutions attract small and medium-sized enterprises mainly for their low cost and high scalability. However, conventional overlay-based solutions assume content inspection to remotely mitigate HTTP(S)-DDoS attacks, prompting trust concerns. This paper reports on a new overlay-based method which practically adds a third level of client identification (to the conventional per-IP and per-connection levels). This enhanced identification enables remote mitigation of more complex HTTP(S)-DDoS categories without content inspection. A novel behavior-based reputation and penalty system is designed, then a simplified proof-of-concept prototype is implemented and deployed on DeterLab. Among several conducted experiments, two are presented in this paper, representing a single-vector and a multi-vector complex HTTP(S)-DDoS attack scenario (utilizing LOIC, Slowloris, and a custom-built attack tool for HTTPS-DDoS). Results show nearly 99.2% reduction in attack traffic and 100% chance of legitimate service. Yet attack reduction temporarily decreases, and the cost in service time (of a specified file) temporarily rises, during a mitigation time of approximately 2 minutes. Collateral damage to non-attacking clients sharing an attack IP is measured in terms of a temporary extra service time. Only the added identification level was utilized for mitigation, while future work includes incorporating all three levels to mitigate switching and multi-request-per-connection attack categories.

© 2017 The Institute of Electronics, Information and Communication Engineers