Title :
WRAPS: Denial-of-Service Defense through Web Referrals
Author :
Wang, XiaoFeng ; Reiter, Michael K.
Author_Institution :
Dept. of Comput. Sci., Indiana Univ., Bloomington, IN
Abstract :
The Web is a complicated graph, with millions of Web sites interlinked together. In this paper, we propose to use this Web sitegraph structure to mitigate flooding attacks on a Web site, using a new Web referral architecture for privileged service ("WRAPS"). WRAPS allows a legitimate client to obtain a privilege URL through a click on a referral hypher-link, from a Web site trusted by the target Web site. Using that URL, the client can get privileged access to the target Web site in a manner that is far less vulnerable to a DDoS flooding attack. WRAPS does not require changes to Web client software and is extremely lightweight for referrer Web sites, which eases its deployment. The massive scale of the Web sitegraph could deter attempts to isolate a Web site through blocking all referrers. We present the design of WRAPS, and the implementation of a prototype system used to evaluate our proposal. Our empirical study demonstrates that WRAPS enables legitimate clients to connect to a Web site smoothly in spite of an intensive flooding attack, at the cost of small overheads on the Web site\´s ISP\´s edge routers
Keywords :
Internet; telecommunication security; DDoS flooding attack; ISP edge routers; WRAPS; Web referral architecture for privileged service; Web referrals; Web sitegraph structure; Web sites; World Wide Web; denial-of-service defense; distributed denial-of-service; flooding attacks; privilege URL; referral hypher-link; Computer crime; Computer science; Costs; Floods; Joining processes; Proposals; Prototypes; Service oriented architecture; Software prototyping; Uniform resource locators;
Conference_Titel :
Reliable Distributed Systems, 2006. SRDS '06. 25th IEEE Symposium on
Conference_Location :
Leeds
Print_ISBN :
0-7695-2677-2
DOI :
10.1109/SRDS.2006.48
