TY - GEN
T1 - A lightweight mechanism to mitigate application layer DDoS attacks
AU - Yu, Jie
AU - Fang, Chengfang
AU - Lu, Liming
AU - Li, Zhoujun
PY - 2009
Y1 - 2009
N2 - Application layer DDoS attacks, to which network layer solutions are not applicable as attackers are indistinguishable based on packets or protocols, prevent legitimate users from accessing services. In this paper, we propose Trust Management Helmet (TMH) as a partial solution to this problem, which is a lightweight mitigation mechanism that uses trust to differentiate legitimate users and attackers. Its key insight is that a server should give priority to protecting the connectivity of good users during application layer DDoS attacks, instead of identifying all the attack requests. The trust in clients is evaluated based on their visiting history, and used to schedule the service to their requests. We introduce a license, for user identification (even beyond NATs) and for storing the trust information at clients. The license is cryptographically secured against forgery or replay attacks. We realize this mitigation mechanism and implement it as a Java package and use it for simulation. Through simulation, we show that TMH is effective in mitigating session flooding attacks: even with 20 times the number of attackers, more than 99% of the sessions from legitimate users are accepted with TMH, whereas less than 18% are accepted without it.
AB - Application layer DDoS attacks, to which network layer solutions are not applicable as attackers are indistinguishable based on packets or protocols, prevent legitimate users from accessing services. In this paper, we propose Trust Management Helmet (TMH) as a partial solution to this problem, which is a lightweight mitigation mechanism that uses trust to differentiate legitimate users and attackers. Its key insight is that a server should give priority to protecting the connectivity of good users during application layer DDoS attacks, instead of identifying all the attack requests. The trust in clients is evaluated based on their visiting history, and used to schedule the service to their requests. We introduce a license, for user identification (even beyond NATs) and for storing the trust information at clients. The license is cryptographically secured against forgery or replay attacks. We realize this mitigation mechanism and implement it as a Java package and use it for simulation. Through simulation, we show that TMH is effective in mitigating session flooding attacks: even with 20 times the number of attackers, more than 99% of the sessions from legitimate users are accepted with TMH, whereas less than 18% are accepted without it.
KW - Application layer
KW - DDoS attacks
KW - Lightweight
KW - Trust
UR - https://www.scopus.com/pages/publications/84868307433
U2 - 10.1007/978-3-642-10485-5_13
DO - 10.1007/978-3-642-10485-5_13
M3 - Conference contribution
AN - SCOPUS:84868307433
SN - 3642104843
SN - 9783642104848
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
SP - 175
EP - 191
BT - Scalable Information Systems - 4th International ICST Conference, INFOSCALE 2009, Revised Selected Papers
T2 - 4th International ICST Conference on Scalable Information Systems, INFOSCALE 2009
Y2 - 10 June 2009 through 11 June 2009
ER -