Impact analysis of application layer DDoS attacks on web services: a simulation study

Because of the wide range of attacks possible on the internet, an abundance of security solutions exists in the market today. In spite of this, the distributed denial of service (DDoS) attack is still considered irrepressible, as none of the present-day solutions seems to eradicate it completely. The most sophisticated form of this attack, the application-layer DDoS attack, is on the rise, with its frequency surging in recent years. Researchers have made significant contributions to the related literature, with a primary focus on detection and mitigation. We begin by introducing application-layer DDoS attacks, followed by a brief analysis of the recent contributions. Subsequently, the underlying mechanism behind application-layer DDoS attacks is discussed to understand its effect on traditional web server architecture. Finally, two independent exhaustive simulations are carried out to evaluate the impact of such attacks on the performance of a web server from multiple perspectives. In the first simulation scenario, multiple experimental designs corresponding to different attack intensities and server performance parameters are exercised in order to report diverse possible scenarios. The second simulation scenario examines three well-known strategies that an attacker usually adopts in order to instigate an application-layer DDoS attack.
