SDN-Assisted Network-Based Mitigation of Slow DDoS Attacks

Slow-running attacks against network applications are often not easy to detect, as the attackers behave according to the specification. The servers of many network applications are not prepared for such attacks, either due to missing countermeasures or because their default configurations ignores such attacks. The pressure to secure network services against such attacks is shifting more and more from the service operators to the network operators of the servers under attack. Recent technologies such as software-defined networking offer the flexibility and extensibility to analyze and influence network flows without the assistance of the target operator. Based on our previous work on a network-based mitigation, we have extended a framework to detect and mitigate slow-running DDoS attacks within the network infrastructure, but without requiring access to servers under attack. We developed and evaluated several identification schemes to identify attackers in the network solely based on network traffic information. We showed that by measuring the packet rate and the uniformity of the packet distances, a reliable identificator can be built, given a training period of the deployment network.

[1]  Panayiotis Kotzanikolaou,et al.  Evaluating security controls against HTTP-based DDoS attacks , 2013, IISA 2013.

[2]  Hidema Tanaka,et al.  Analysis of Slow Read DoS attack , 2014, 2014 International Symposium on Information Theory and its Applications.

[3]  Vyas Sekar,et al.  Bohatei: Flexible and Elastic DDoS Defense , 2015, USENIX Security Symposium.

[4]  Frank Kargl,et al.  An Extensible Host-Agnostic Framework for SDN-Assisted DDoS-Mitigation , 2017, 2017 IEEE 42nd Conference on Local Computer Networks (LCN).

[5]  Aiko Pras,et al.  Measuring the Adoption of DDoS Protection Services , 2016, Internet Measurement Conference.

[6]  Frank Kargl,et al.  SDN-Assisted Network-Based Mitigation of Slow HTTP Attacks , 2017 .

[7]  Hidema Tanaka,et al.  Analysis of Slow Read DoS Attack and Communication Environment , 2017 .

[8]  Roy T. Fielding,et al.  Hypertext Transfer Protocol - HTTP/1.0 , 1996, RFC.

[9]  Fabrice Kordon,et al.  Adaptable Intrusion Detection Systems Dedicated to Concurrent Programs: A Petri Net-Based Approach , 2010, 2010 10th International Conference on Application of Concurrency to System Design.

[10]  Yogendra Singh,et al.  How Secure are Web Servers? An Empirical Study of Slow HTTP DoS Attacks and Detection , 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[11]  Kiwon Hong,et al.  SDN-Assisted Slow HTTP DDoS Attack Defense Method , 2018, IEEE Communications Letters.

[12]  Toyoo Takata,et al.  A Defense Method against Distributed Slow HTTP DoS Attack , 2016, 2016 19th International Conference on Network-Based Information Systems (NBiS).