Tail Attacks on Web Applications

As the extension of Distributed Denial-of-Service (DDoS) attacks to application layer in recent years, researchers pay much interest in these new variants due to a low-volume and intermittent pattern with a higher level of stealthiness, invaliding the state-of-the-art DDoS detection/defense mechanisms. We describe a new type of low-volume application layer DDoS attack--Tail Attacks on Web Applications. Such attack exploits a newly identified system vulnerability of n-tier web applications (millibottlenecks with sub-second duration and resource contention with strong dependencies among distributed nodes) with the goal of causing the long-tail latency problem of the target web application (e.g., 95th percentile response time > 1 second) and damaging the long-term business of the service provider, while all the system resources are far from saturation, making it difficult to trace the cause of performance degradation. We present a modified queueing network model to analyze the impact of our attacks in n-tier architecture systems, and numerically solve the optimal attack parameters. We adopt a feedback control-theoretic (e.g., Kalman filter) framework that allows attackers to fit the dynamics of background requests or system state by dynamically adjusting attack parameters. To evaluate the practicality of such attacks, we conduct extensive validation through not only analytical, numerical, and simulation results but also real cloud production setting experiments via a representative benchmark website equipped with state-of-the-art DDoS defense tools. We further proposed a solution to detect and defense the proposed attacks, involving three stages: fine-grained monitoring, identifying bursts, and blocking bots.

[1]  Hwanju Kim,et al.  TPC: Target-Driven Parallelism Combining Prediction and Correction to Reduce Tail Latency in Interactive Services , 2016, ASPLOS.

[2]  Balachander Krishnamurthy,et al.  Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites , 2002, WWW.

[3]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[4]  Calton Pu,et al.  Variations in Performance and Scalability When Migrating n-Tier Applications to Different Clouds , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[5]  M. Uysal,et al.  DDoS-Shield: DDoS-Resilient Scheduling to Counter Application Layer Attacks , 2009, IEEE/ACM Transactions on Networking.

[6]  Gabriel Maciá-Fernández,et al.  LoRDAS: A Low-Rate DoS Attack against Application Servers , 2007, CRITIS.

[7]  Calton Pu,et al.  Lightning in the cloud: a study of very short bottlenecks on n-tierweb application performance , 2014 .

[8]  Taieb Znati,et al.  Detecting Application Denial-of-Service Attacks: A Group-Testing-Based Approach , 2010, IEEE Transactions on Parallel and Distributed Systems.

[9]  Calton Pu,et al.  Detecting Transient Bottlenecks in n-Tier Applications through Fine-Grained Analysis , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems.

[10]  Amir Herzberg,et al.  Socket overloading for fun and cache-poisoning , 2013, ACSAC.

[11]  Luiz André Barroso,et al.  The tail at scale , 2013, CACM.

[12]  Xiapu Luo,et al.  On a New Class of Pulsing Denial-of-Service Attacks and the Defense , 2005, NDSS.

[13]  James B. Rawlings,et al.  A new autocovariance least-squares method for estimating noise covariances , 2006, Autom..

[14]  Giuseppe Serazzi,et al.  Java Modelling Tools: an Open Source Suite for Queueing Network Modelling andWorkload Analysis , 2006, Third International Conference on the Quantitative Evaluation of Systems - (QEST'06).

[15]  Jie Yu,et al.  A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks , 2007, International Conference on Networking and Services (ICNS '07).

[16]  Kotagiri Ramamohanarao,et al.  Survey of network-based defense mechanisms countering the DoS and DDoS problems , 2007, CSUR.

[17]  Saman Taghavi Zargar,et al.  A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks , 2013, IEEE Communications Surveys & Tutorials.

[18]  Anees Shaikh,et al.  Remote Profiling of Resource Constraints of Web Servers Using Mini-Flash Crowds , 2008, USENIX Annual Technical Conference.

[19]  Calton Pu,et al.  milliScope: A Fine-Grained Monitoring Framework for Performance Debugging of n-Tier Web Services , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[20]  S. Wittevrongel,et al.  Queueing systems , 2019, Autom..

[21]  Virgil D. Gligor,et al.  The Crossfire Attack , 2013, 2013 IEEE Symposium on Security and Privacy.

[22]  Chengxu Ye,et al.  Detection of application layer distributed denial of service , 2011, Proceedings of 2011 International Conference on Computer Science and Network Technology.

[23]  Vern Paxson,et al.  Temporal Lensing and Its Application in Pulsing Denial-of-Service Attacks , 2015, 2015 IEEE Symposium on Security and Privacy.

[24]  Salman Baset,et al.  Cloud SLAs: present and future , 2012, OPSR.

[25]  Jelena Mirkovic,et al.  Modeling Human Behavior for Defense Against Flash-Crowd Attacks , 2009, 2009 IEEE International Conference on Communications.

[26]  Ron Kohavi,et al.  Online Experiments: Lessons Learned , 2007, Computer.

[27]  Qiben Yan,et al.  Very Short Intermittent DDoS Attacks in an Unsaturated System , 2017, SecureComm.

[28]  Maurizio Aiello,et al.  Taxonomy of Slow DoS Attacks to Web Applications , 2012, SNDS.

[29]  Chih-Wei Chen,et al.  CICADAS: Congesting the Internet with Coordinated and Decentralized Pulsating Attacks , 2016, AsiaCCS.

[30]  Ying Zhang,et al.  Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing , 2007, NDSS.

[31]  Shunzheng Yu,et al.  Monitoring the Application-Layer DDoS Attacks for Popular Websites , 2009, IEEE/ACM Transactions on Networking.

[32]  T. Başar,et al.  A New Approach to Linear Filtering and Prediction Problems , 2001 .

[33]  Mina Guirguis,et al.  Exploiting the transients of adaptation for RoQ attacks on Internet resources , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[34]  Kristal Curtis Determining SLO Violations at Compile Time , 2010 .

[35]  Calton Pu,et al.  A Study of Long-Tail Latency in n-Tier Systems: RPC vs. Asynchronous Invocations , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[36]  Marshall Copeland,et al.  Microsoft Azure , 2015, Apress.

[37]  G. J. A. Stern,et al.  Queueing Systems, Volume 2: Computer Applications , 1976 .