Application layer HTTP-GET flood DDoS attacks: Research landscape and challenges

Application-layer Distributed Denial of Service (DDoS) attacks have extended conventional flooding-based DDoS with subtler attack methods that pose an ever-increasing challenge to the availability of Internet-based web services. These attacks can cause damage similar to that of their lower-layer counterparts while using relatively fewer attacking assets. As the dominant part of the Internet, HTTP is the prime target of GET flooding attacks, a common technique among application-layer DDoS attacks. With new and improved attack programs in circulation, identifying these attacks remains difficult. A swift rise in the frequency of these attacks has drawn growing interest from researchers. In recent years, a significant body of research has been dedicated to devising new techniques for countering HTTP-GET flood DDoS attacks. In this paper, we survey these research contributions following a well-defined systematic process. A total of 63 primary studies published before August 2015 were selected from six different electronic databases after careful scrutiny. We formulated four research questions that capture various aspects of the identified primary studies. These aspects include detection attributes, datasets, software tools, attack strategies, and underlying modeling methods. The background required to understand the evolution of HTTP-GET flood DDoS attacks is also presented. The aim of this systematic survey is to gain insight into current research on the detection of these attacks by comprehensively analyzing the selected primary studies to answer a predefined set of research questions. This survey also discusses various challenges that need to be addressed and offers recommendations for possible future research directions.
