
Implementation and Validation of the Web DDoS Shelter System(WDSS)


  • Jae-Hyung Park (Department of Information Science, Korea National Open University) ;
  • Kang-Hyun Kim (Department of Computer Science, Korea National Open University)
  • Received : 2014.10.17
  • Accepted : 2014.12.29
  • Published : 2015.04.30

Abstract

The WDSS improves defensive capability against web application-layer DDoS attacks by adding a web cache server and an L7 switch to the DDoS shelter system. When a web DDoS attack occurs, security operators divert the victim's traffic from the backbone network into the WDSS sub-network, where the DDoS protection device and the L7 switch block abnormal packets. Meanwhile, the web cache server responds only to requests from normal clients and keeps the web service available. In this way, the WDSS can counter web DDoS attacks that generate little traffic but exhaust server-client session resources. Furthermore, the WDSS does not require IP tunneling, because normal requests are answered from the cache and need not be forwarded to the original web server. In this paper we validate the operation of the WDSS and verify its defensive capability against web application-layer DDoS attacks. To do so, we built the WDSS on the backbone network of an ISP and performed web DDoS tests using a test system composed of zombie PCs. The tests covered three types of web DDoS attack at various intensities. The results show that the WDSS can detect low-traffic web DDoS attacks that do not generate repeated flows, which the conventional DDoS shelter system cannot.

The WDSS is a system that improves defensive performance against web application-layer DDoS attacks by adding an L7 switch and a web cache server to the DDoS shelter system built on the network interconnection segment. When a web DDoS attack occurs, the WDSS diverts traffic away from the backbone network, blocks abnormal requests at the DDoS protection system and the L7 switch, and lets the web cache server respond only to requests from normal clients; in this way it counters session-exhaustion DDoS attacks that rely on small traffic volumes while maintaining normal web service. It can also respond to attacks without any IP tunneling configuration for retransmitting normal traffic to the web server. This paper presents the results of building the WDSS on a domestic ISP backbone network and verifying both the validity of its operation and its defensive performance against web application-layer DDoS attacks. The web DDoS defense evaluation was carried out with a DDoS simulation test system composed of zombie PCs that can generate the same attack types and packet counts as a real botnet. Analyzing the WDSS's web DDoS defense performance across different types and intensities of web application-layer DDoS attack, it was able to detect and block web DDoS attacks that are based on small traffic volumes and do not repeatedly generate the same flow, which the existing DDoS shelter system could neither detect nor block.
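The two abstracts above describe the WDSS filtering chain only in outline: a volumetric DDoS protection device, an L7 switch that drops abnormal sessions, and a cache that answers the surviving normal requests without forwarding them to the origin. The following is an added example, not code from the paper or from the WDSS implementation, that models that chain in Python to show why the low-traffic, session-exhaustion attack the paper targets slips past a per-source byte-rate rule but is caught by a per-connection L7 rule. The thresholds, the detection rules, and the sample connections (three attacking hosts holding slow, never-completed requests; four normal clients making short GETs) are all constructed assumptions.

```python
"""Model of the two-stage filtering that the WDSS abstract describes.

Added example, not code from the paper: the thresholds, the detection rules
and the traffic below are constructed assumptions. It shows why a volumetric
(per-source byte-rate) rule stays silent on a low-traffic session-exhaustion
attack while a per-connection L7 rule catches it, and how a cache can answer
the surviving normal requests without forwarding anything to the origin.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Conn:
    src: str                  # client IP address
    t_open: float             # seconds since observation start
    t_close: Optional[float]  # None = still open at observation time
    bytes_in: int             # bytes received from the client
    complete: bool            # full HTTP request line + headers received
    path: str


NOW = 30.0  # observation instant in seconds (constructed)


def constructed_connections():
    """Constructed sample: 3 attack hosts each hold 5 slow connections that
    never finish their request (Slowloris-style); 4 normal clients each make
    3 short, complete GETs. Addresses are assumed, not from the paper."""
    conns = []
    for i in range(3):
        src = f"10.0.{i}.1"                      # assumed attacker addresses
        for k in range(5):
            # ~40 bytes of partial headers, opened early, still open at NOW
            conns.append(Conn(src, 0.5 * k, None, 40, False, "/"))
    for i in range(4):
        src = f"192.0.2.{10 + i}"                # TEST-NET-1 client addresses
        for k in range(3):
            t = 5.0 * k
            conns.append(Conn(src, t, t + 0.05, 300, True, "/index.html"))
    return conns


def volumetric_flags(conns, now=NOW, bytes_per_sec=1000.0):
    """Classic flood rule: flag a source whose average inbound byte rate over
    the observation window exceeds the threshold (assumed value)."""
    total = defaultdict(int)
    for c in conns:
        total[c.src] += c.bytes_in
    return {src for src, b in total.items() if b / now > bytes_per_sec}


def l7_session_flags(conns, now=NOW, idle_timeout=10.0, max_incomplete=3):
    """Session-state rule: flag a source holding more than max_incomplete
    connections that have stayed open longer than idle_timeout without
    delivering a complete request (thresholds are assumed values)."""
    stale = defaultdict(int)
    for c in conns:
        end = c.t_close if c.t_close is not None else now
        if not c.complete and end - c.t_open > idle_timeout:
            stale[c.src] += 1
    return {src for src, n in stale.items() if n > max_incomplete}


def serve_from_cache(conns, blocked, cache):
    """Answer complete requests from unblocked sources out of the cache.
    Returns counts; origin_hits stays 0 because nothing is forwarded
    upstream, which is why no tunnel back to the origin is needed."""
    served = dropped = 0
    for c in conns:
        if c.src in blocked or not c.complete:
            dropped += 1
        elif c.path in cache:
            served += 1
        else:
            dropped += 1  # uncached object: this model never fetches from origin
    return {"served": served, "dropped": dropped, "origin_hits": 0}


if __name__ == "__main__":
    conns = constructed_connections()
    print("volumetric flags:", volumetric_flags(conns))
    bad = l7_session_flags(conns)
    print("L7 session flags:", sorted(bad))
    print(serve_from_cache(conns, bad, {"/index.html": b"<html>ok</html>"}))
```

With the constructed traffic, the attackers' byte rate (200 bytes over 30 s per host) never approaches the volumetric threshold, so the flood rule flags nothing, while the L7 rule flags all three hosts because each holds five incomplete connections past the idle timeout; the twelve normal requests are then answered from the cache with zero origin contact. One caveat a deployment has to settle that the abstract does not: a cache-only shelter can serve only content that is cacheable at the time of the attack, so dynamic or personalized responses need either a stale-while-attack policy or a separate path to the origin.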
