In this paper a novel method for detecting denial of service attacks (DoS) on web services are presented and evaluated by using decoy hyperlinks embedded in web pages. The decoys are hyperlinks without semantic information or are invisible to the human user, acting like traps for DoS attacks because a human user would never follow them. An attack on a web server is detected when such hyperlink is followed. This approach has significant advantages over other approaches like graphic Turing tests, it is transparent to the user, it can be used on general-purpose web sites and retains the web site's usability. The proposed method has been evaluated using real web sites and the results show false positive rates that are less than 10-4. A genetic algorithm is used for the optimum placement of the decoys using simulated web sites. The aspects of this new method are discussed and some experimental results are presented.
[1]
Srikanth Kandula,et al.
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
,
2005,
NSDI.
[2]
Tom Heskes,et al.
Automatic Categorization of Web Pages and User Clustering with Mixtures of Hidden Markov Models
,
2002,
WEBKDD.
[3]
George Karypis,et al.
Selective Markov models for predicting Web page accesses
,
2004,
TOIT.
[4]
Angelos D. Keromytis,et al.
Using graphic turing tests to counter automated DDoS attacks against web servers
,
2003,
CCS '03.
[5]
Angelos D. Keromytis,et al.
WebSOS: protecting web servers from DDoS attacks
,
2003,
The 11th IEEE International Conference on Networks, 2003. ICON2003..
[6]
Osmar R. Zaïane,et al.
Clustering Web sessions by sequence alignment
,
2002,
Proceedings. 13th International Workshop on Database and Expert Systems Applications.