Countering DDoS and XDoS Attacks against Web Services

Cyber-criminals use distributed denial-of-service attacks (DDoS) and XML denial-of-service attacks (XDoS) to extort money from online service providers. This kind of attacks is normally targeted at a particular service provider to exhaust the network and system resources of the provider. This paper proposes a scheme for building a defense system against DDoS and XDoS attacks. The system is built on Web Services. It can be constructed and reconfigured easily by an attack victim.

[1]  Ted Wobber,et al.  Moderately hard, memory-bound functions , 2005, TOIT.

[2]  John Langford,et al.  Telling humans and computers apart automatically , 2004, CACM.

[3]  Donald E. Eastlake,et al.  US Secure Hash Algorithm 1 (SHA1) , 2001, RFC.

[4]  Angelos D. Keromytis,et al.  Using graphic turing tests to counter automated DDoS attacks against web servers , 2003, CCS '03.

[5]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[6]  Moni Naor,et al.  On Memory-Bound Functions for Fighting Spam , 2003, CRYPTO.

[7]  Srikanth Kandula,et al.  Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds , 2005, NSDI.

[8]  Blake Dournaee,et al.  XML Security , 2002 .

[9]  Senthil Mani,et al.  Preventing Service Oriented Denial of Service (PreSODoS): A Proposed Approach , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[10]  Angelos D. Keromytis,et al.  SOS: an architecture for mitigating DDoS attacks , 2004, IEEE Journal on Selected Areas in Communications.

[11]  Stefano Ceri,et al.  Managing asynchronous Web services interactions , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[12]  David G. Andersen,et al.  Proceedings of Usits '03: 4th Usenix Symposium on Internet Technologies and Systems Mayday: Distributed Filtering for Internet Services , 2022 .

[13]  Mudhakar Srivatsa,et al.  A Middleware System for Protecting Against Application Level Denial of Service Attacks , 2006, Middleware.

[14]  Santokh Singh,et al.  A SOA Approach to Counter DDoS Attacks , 2007, IEEE International Conference on Web Services (ICWS 2007).