Automated Detection and Mitigation of Application-level Asymmetric DoS Attacks

This paper presents a novel integrated platform for the automatic detection and mitigation of denial-of-service (DoS) attacks in networked systems. Recently, these attacks have evolved from simple flooding at the network layer to targeted, application-specific asymmetric attacks. Because of this trend, existing techniques, which rely primarily on network classification at the edge or core routing devices, are becoming ineffective. Our platform integrates machine learning with fine-grained application-level performance metrics and monitoring statistics at the software's components to achieve precise traffic classification for detecting application-specific attacks in real time. When an attack is detected, the platform automatically isolates suspicious traffic by routing it to separate component instances with a fixed resource reservation, thus preventing it from interfering with the rest of the system. Our evaluation using a range of asymmetric attacks shows that our detection technique is highly effective and that the closed-loop integration of real-time detection and traffic isolation can deliver substantially better quality of service for good users in the presence of attacks than the default mitigation using dynamic scaling of resources alone.
