A Novel Scheme for Mitigating Botnet-Based DDoS Attacks

Botnet-based distributed denial of service (DDoS) attacks represent an emerging and sophisticated threat for today’s Internet. Attackers are now able to mimic the behavior of legitimate users to a great extent, which makes countering these attacks very challenging. This paper proposes a novel scheme to mitigate botnet-based DDoS attacks. The proposed scheme, called JUST-Google, utilizes Google’s strategic position as an entrance for today’s Internet to distinguish between legitimate traffic and attack traffic. The main idea of JUST-Google is to let an ISP’s edge routers pass traffic that originates from sources approved by Google and is destined to a victim within that ISP, while filtering all other traffic destined to the same victim. In this context, we propose that Google™ can offer a paid service to identify legitimate sources by directing users who want to access a web site under attack to a group of nodes that perform authentication, in which users are required to solve a reverse Turing test to obtain access to the web server. We evaluate the proposed scheme through a combination of theoretical analysis and experimental studies. Our studies show that JUST-Google provides a great chance for legitimate clients to access a web site that is under a botnet-based DDoS attack without imposing a significant overhead.
