Intrusion Tolerant Approach for Denial of Service Attacks to Web Services

Intrusion Detection Systems are the major technology used for protecting information systems. However, they do not directly detect intrusion, but they only monitor the attack symptoms. Therefore, no assumption can be made on the outcome of the attack, no assurance can be assumed once the system is compromised. The intrusion tolerance techniques focus on providing minimal level of services, even when the system has been partially compromised. This paper presents an intrusion tolerant approach for Denial of Service attacks to Web Services. It focuses on the detection of attack symptoms as well as the diagnosis of intrusion effects in order to perform a proper reaction only if the attack succeeds. In particular, this work focuses on a specific Denial of Service attack, called Deeply-Nested XML. Preliminary experimental results show that the proposed approach results in a better performance of the Intrusion Detection Systems, in terms of increasing diagnosis capacity as well as reducing the service unavailability during an intrusion.

[1]  Jörg Schwenk,et al.  The Accountability Problem of Flooding Attacks in Service-Oriented Architectures , 2009, 2009 International Conference on Availability, Reliability and Security.

[2]  Desmond Allan Schmidt,et al.  Validating Denial of Service Vulnerabilities in Web Services , 2010, 2010 Fourth International Conference on Network and System Security.

[3]  Miguel Correia,et al.  The CRUTIAL reference critical information infrastructure architecture: a blueprint , 2008, Int. J. Syst. Syst. Eng..

[4]  Nils Gruschka,et al.  A survey of attacks on web services , 2009, Computer Science - Research and Development.

[5]  Senthil Mani,et al.  Preventing Service Oriented Denial of Service (PreSODoS): A Proposed Approach , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[6]  Francesco Palmieri,et al.  Network anomaly detection through nonlinear analysis , 2010, Comput. Secur..

[7]  Luigi Coppolino,et al.  A Weight-Based Symptom Correlation Approach to SQL Injection Attacks , 2009, 2009 Fourth Latin-American Symposium on Dependable Computing.

[8]  Nils Gruschka,et al.  SOA and Web Services: New Technologies, New Standards - New Attacks , 2007, Fifth European Conference on Web Services (ECOWS'07).

[9]  Marc Hadley,et al.  Web Services Addressing 1.0 - SOAP Binding , 2005 .

[10]  Magnus Almgren,et al.  An Adaptive Intrusion-Tolerant Server Architecture , 2004 .

[11]  Miguel Correia,et al.  Intrusion-Tolerant Architectures: Concepts and Design , 2002, WADS.

[12]  Neeraj Suri,et al.  On-Line Diagnosis and Recovery: On the Choice and Impact of Tuning Parameters , 2007, IEEE Transactions on Dependable and Secure Computing.

[13]  Massimo Ficco Achieving Security by Intrusion-Tolerance Based on Event Correlation , 2010, Netw. Protoc. Algorithms.

[14]  Eric Totel,et al.  COTS Diversity Based Intrusion Detection and Application to Web Servers , 2005, RAID.

[15]  Paolo Traverso,et al.  Service-Oriented Computing: State of the Art and Research Challenges , 2007, Computer.

[16]  Will Iverson Real world web services - integrating eBay, Google, Amazon, FedEx, and more , 2004 .

[17]  B. Dutertre,et al.  Intrusion tolerant software architectures , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[18]  Marcello Cinque,et al.  On data dissemination for large-scale complex critical infrastructures , 2012, Comput. Networks.

[19]  Jun Xu,et al.  Sustaining Availability of Web Services under Distributed Denial of Service Attacks , 2003, IEEE Trans. Computers.

[20]  George M. Mohay,et al.  A Distributed Denial of Service Testbed , 2010, HCC.

[21]  Paul Watson,et al.  Experiments Towards Adaptation of Concurrent Workflows , 2007, ECOWS 2007.

[22]  Vincent Nicomette,et al.  The Design of a Generic Intrusion-Tolerant Architecture for Web Servers , 2009, IEEE Transactions on Dependable and Secure Computing.