Title :
A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks
Author :
Yu, Jie ; Li, Zhoujun ; Chen, Huowang ; Chen, Xiaoming
Author_Institution :
Nat. Univ. of Defense Technol., Changsha
Abstract :
Application layer DDoS attacks, which are legitimate in packets and protocols, gradually become a pressing problem for commerce, politics and military. We build an attack model and characterize layer-7 attacks into three classes: session flooding attacks, request flooding attacks and asymmetric attacks. We proposed a mechanism named as DOW (defense and offense wall), which defends against layer-7 attacks using combination of detection technology and currency technology. An anomaly dete-ction method based on K-means clustering is introduced to detect and filter request flooding attacks and asymmetric attacks. To defend against session-flooding attacks, we propose an encouragement model that uses client´s session rate as currency. Detection model drops suspicious sessions, while currency model encourages more legitimate sessions. By collaboration of these two models, normal clients could gain higher service rate and lower delay of response time.
Keywords :
information filters; security of data; DOW; K-means clustering; anomaly detection method; application layer DDoS attacks; asymmetric attacks; attacks layer-7 session flooding attacks; defense and offense wall; filter request flooding attacks; offense mechanism; Application software; Business; Computer crime; Delay effects; Floods; Military computing; Pressing; Protocols; Security; Telecommunication traffic;
Conference_Titel :
Networking and Services, 2007. ICNS. Third International Conference on
Conference_Location :
Athens
Print_ISBN :
978-0-7695-2858-9
DOI :
10.1109/ICNS.2007.5
