Browse > Article
http://dx.doi.org/10.13089/JKIISC.2012.22.4.809

Analysis of Defense Method for HTTP POST DDoS Attack base on Content-Length Control  

Lee, Dae-Seob (School of Information and Communication Engineering, Sungkyunkwan University)
Won, Dong-Ho (School of Information and Communication Engineering, Sungkyunkwan University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.22, no.4, 2012 , pp. 809-817 More about this Journal
Abstract
One of the OSI 7 Layer DDoS Attack, HTTP POST DDoS can deny legitimate service by web server resource depletion. This Attack can be executed with less network traffic and legitimate TCP connections. Therefore, It is difficult to distinguish DDoS traffic from legitimate users. In this paper, I propose an anomaly HTTP POST traffic detection algorithm and http each page Content-Length field size limit with defense method for HTTP POST DDoS attack. Proposed method showed the result of detection and countermeasure without false negative and positive to use the r-u-dead-yet of HTTP POST DDoS attack tool and the self-developed attack tool.
Keywords
HTTP post DDoS; HTTP get flooding; Content-Length; Tree-way Handshaking; Denial of Service attack;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Felix Lau, Stuart H. Rubin, Michael H. Smith, and Ljiljana Trajkovic, "Distributed Denial of Service Attacks," 2000 IEEE International Conference on Systems, Man and Cybernetics, Volume:, pp. 2275-2280, March 2000.
2 W. O Chee and T. Brennan "H...t....t...p...p...o...s...t," presentation at OWASP AppSec Conference, Washington, D.C., 2010. Copyright ${\(C)}$ The OWASP Foundation http://www.owasp.org
3 J. Mirkovic and P. Reiher, "A Taxonomy of DDoS Attacks and Defense Mechanisms," ACM CCR, April 2004.
4 A. Kuzmanovic and E. W. Knightly, "Low-rate TCP-targeted denial of service attacks and counter strategies," IEEE/ACM Trans. Netw., vol. 14, no. 4, pp. 683-696, 2006   DOI
5 T.Peng, C.Leckie, and K.Ramanohanarao, "Survey of Network-Based Defense Mechanisms Countering the DoS and DDoS Problem," ACM Computing Surveys, vol. 39, no.1, pp. 1-42, 2007.   DOI   ScienceOn
6 ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks. SpiderLabs Anterior - The Official Blog of Trustwave's SpiderLabs http://blog.spiderlabs.com/2010/11/advanced-topic-of-theweek-miti gating-slow-http-dos-attacks.html
7 Y. Xie and S.-Z. Yu, "Monitoring the Application-Layer DDoS Attacks for Popular Websites," IEEE/ACM Transaction on Networking, vol. 17, No. 1, Feb. 2009.
8 C. Zhang, J. Yin, Z. Cai, and W. Chen, "RRED: Robust RED Algorithm to Counter Low-rate Denial-of-Service Attacks," IEEE Communications Letters, Vol. 14, pp. 489-491, 2010.   DOI
9 Alefiya Hussian, John Heidemann, and Christos Papadoopoulos, "A Framework for Classifying Denial of Service Attacks," SIGCOMM pp. 99-110, 2003.
10 Song Huang, Ling Zhang, and Shou-Ling Dong, "A Behavior-based Ingress Rate- Limiting Mechanisms against DoS/DDoS Attacks," LNCS, vol. 3783, pp. 231-242, 2005.
11 http://sniper.wins21.co.kr
12 http://www.radware.com/Thank_you_download.aspx?ID=6949
13 M.Srivatsa el al., "Mitigating Application Level Denial of Service Attacks on Web Servers," ACM Transactions on WEB. Vol. 2 Issue. 3, July 2008
14 r-u-dead-yet HTTP POST Denial of Service Tool, http://code.google.com/p/r-u-dead-yet