For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Trustworthy DDoS Defense: Design, Proof of Concept Implementation and Testing
Mohamad Samir A. EID Hitoshi AIDA
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2017/08/01
Online ISSN: 1745-1361
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: Internet Security
Distributed Denial of Service (DDoS) attacks, application level attacks, network security, overlay networks,
Full Text: PDF>>
Distributed Denial of Service (DDoS) attacks based on HTTP and HTTPS (i.e., HTTP(S)-DDoS) are increasingly popular among attackers. Overlay-based mitigation solutions attract small and medium-sized enterprises mainly for their low cost and high scalability. However, conventional overlay-based solutions assume content inspection to remotely mitigate HTTP(S)-DDoS attacks, prompting trust concerns. This paper reports on a new overlay-based method which practically adds a third level of client identification (to conventional per-IP and per-connection). This enhanced identification enables remote mitigation of more complex HTTP(S)-DDoS categories without content inspection. A novel behavior-based reputation and penalty system is designed, then a simplified proof of concept prototype is implemented and deployed on DeterLab. Among several conducted experiments, two are presented in this paper representing a single-vector and a multi-vector complex HTTP(S)-DDoS attack scenarios (utilizing LOIC, Slowloris, and a custom-built attack tool for HTTPS-DDoS). Results show nearly 99.2% reduction in attack traffic and 100% chance of legitimate service. Yet, attack reduction decreases, and cost in service time (of a specified file) rises, temporarily during an approximately 2 minutes mitigation time. Collateral damage to non-attacking clients sharing an attack IP is measured in terms of a temporary extra service time. Only the added identification level was utilized for mitigation, while future work includes incorporating all three levels to mitigate switching and multi-request per connection attack categories.