Browse > Article
http://dx.doi.org/10.3745/KTCCS.2015.4.4.135

Implementation and Validation of the Web DDoS Shelter System(WDSS)  

Park, Jae-Hyung (한국방송통신대학교 정보과학과)
Kim, Kang-Hyoun (한국방송통신대학교 컴퓨터과학과)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.4, no.4, 2015 , pp. 135-140 More about this Journal
Abstract
The WDSS improves defensive capacity against web application layer DDoS attack by using web cache server and L7 switch which are added on the DDoS shelter system. When web DDoS attack occurs, security agents divert traffic from backbone network to sub-network of the WDSS and then DDoS protection device and L7 switch block abnormal packets. In the meantime, web cache server responds only to requests of normal clients and maintains stable web service. In this way, the WDSS can counteract the web DDoS attack which generates small traffic and depletes server-client session resource. Furthermore, the WDSS does not require IP tunneling because it is not necessary to retransfer the normal requests to original web server. In this paper, we validate operation of the WDSS and verify defensive capability against web application layer DDoS attacks. In order to do this, we built the WDSS on backbone network of an ISP. And we performed web DDoS tests by using a testing system that consists of zombie PCs. The tests were performed by three types and various amounts of web DDoS attacks. Test results suggest that the WDSS can detect small traffic of the web DDoS attacks which do not have repeat flow whereas the formal DDoS shelter system cannot.
Keywords
Web DDoS; HTTP; Application Layer; Web Cache;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Saman Taghavi Zargar, James Joshi, and David Tipper, "A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks," Communications Surveys & Tutorials, IEEE, Vol.15, Issue.4, Mar., 2013.
2 Ahmad Sanmorino, Setiadi Yazid, "DDoS Attack detection method and mitigation using pattern of the flow," Information and Communication Technology (ICoICT), 2013 International Conference on, Mar., 2013.
3 P. K. Park, S. M. Yoo, HoYong Ryu, and Cheol Hong Kim, "Service-Oriented DDoS Detection Mechanism Using Pseudo State in a Flow Router," Information Science and Applications (ICISA), 2013 International Conference on, Jun., 2013.
4 Sujatha Sivabalan1, Dr P J Radcliffe, "A Novel Framework to detect and block DDoS attack at the Application layer," TENCON Spring Conference, 2013 IEEE, Apr., 2013.
5 S. Renuka Devi, P. Yogesh, "An Effective Approach to Counter Application Layer DDoS Attacks," Computing Communication & Networking Technologies (ICCCNT), 2012 Third International Conference on, Jul., 2012.
6 Baik, N., Sungsoo Ahn, and Namhi Kang, "Effective DDoS Attack Defense Scheme Using Web Service Performance Measurement," Communications Magazine, Ubiquitous and Future Networks (ICUFN), 2012 Fourth International Conference on, Jul., 2012.
7 Veronika Durcekova, Ladislav Schwartz, and Nahid Shahmehri, "Sophisticated Denial of Service Attacks Aimed at Application Layer," ELEKTRO, May., 2012.
8 Jin Wang, Xiaolong Yang, and Keping Long, "Web DDoS Detection Schemes Based on Measuring User's Access Behavior with Large Deviation," Global Telecommunications Conference (GLOBECOM 2011), 2011 IEEE, No.1, Dec., 2011.
9 Yi Xie, Shun-zheng Yu, "Monitoring the Application-Layer DDoS Attacks for Popular Websites," Networking, IEEE/ACM Transactions on, Vol.17, Issue.1, Feb., 2009.
10 Supranamaya Ranjan, Ram Swaminathan, Mustafa Uysal, Antonio Nucci, and Edward Knightly, "DDoS-Shield: DDoS-Resilient Scheduling to Counter Application Layer Attacks," Networking, IEEE/ACM Transactions on, Vol.17, Issue.1, Feb., 2009.
11 T. J. Lee, C. S. Im, C. T. Im, and H. C. Jung, "Light-weight Defense Mechanisms for application layer DDoS Attacks in the Web Services," KIISC, 20-5, 2010.
12 J. H. Park, K. H. Kim, "A Web DDoS Defence System using Network Linkage," 39th KIPS autumn academic conference 20-1, 2013.
13 J. H. Park, K. H. Kim, "The Web DDoS Shelter System (WDSS) to Counter Web Application Layer DDoS Attacks," Department of Computer Science Graduate School Korea National Open University, 2014.