ReCAP: A distributed CAPTCHA service at the edge of the network to handle server overload

Web server overload resulting from an application layer–based distributed denial-of-service (DDoS) attack or a flash crowd event continues to be a major problem in today's internet because it renders the Web server unavailable in both cases. In this paper, we propose a novel system, called ReCAP, that handles server overload resulting from application layer–based DDoS attacks or flash crowd events. The system is envisioned as a service that can be provided to websites that have limited resources with no infrastructure in place to handle these events. The main goal of ReCAP is to filter attack traffic in case of a DDoS attack event and to provide users with basic information during a flash crowd event. The proposed system is composed of 2 main modules: (1) the HTTPredirect module, which is a stateless Hypertext Transfer Protocol server that redirects Web requests destined to the targeted Web server to the second module, and (2) the distributed Completely Automated Public Turing Test To Tell Computers and Humans Apart (CAPTCHA) service, which comprises a large number of powerful nodes geographically and suitably distributed in the internet acting as a large distributed firewall. All requests to the origin Web server are redirected to the CAPTCHA nodes, which can segregate legitimate clients from automated attacks by requiring them to solve a challenge. Upon successful response, legitimate clients (humans) are forwarded through a given CAPTCHA node to the Web server. These CAPTCHA proxies are envisioned to be placed intrinsically at the edge of the network in the proximity of the clients to curb communication delays, and thus perceived response times, and to relieve the core network from further traffic congestion. In particular, such organization fits squarely in the fifth use case scenario presented in the European Telecommunications Standards Institute Mobile Edge Computing Industry Specification Group's introductory technical paper on Mobile-Edge Computing. 
In conclusion, the performance evaluation shows that the proposed system is able to mitigate application-layer DDoS attacks while incurring acceptable delays for legitimate clients as a result of redirecting them to and via CAPTCHA nodes.
