TY - GEN
T1 - A simple effective scheme to enhance the capability of web servers using P2P networks
AU - Yu, Jie
AU - Lu, Liming
AU - Li, Zhoujun
AU - Wang, Xiaofeng
AU - Su, Jinshu
PY - 2010
Y1 - 2010
N2 - Nowadays, web servers are suffering from flash crowds and application layer DDoS attacks that can severely degrade the availability of services. It is difficult to prevent them because they comply with the communication protocol. Peer-to-peer (P2P) networks have been exploited to amplify DDoS attacks, but we believe their available resource, such as distributed storage and network bandwidth, can be used to mitigate both flash crowds and DDoS attacks. In this paper, we propose a server initiated approach to employ deployed P2P networks as distributed web caches, so that the workload directed to web servers can be reduced. In experiments, we use Kad as the particular P2P network for the realization of a large-scale distributed web cache. We performed comprehensive evaluation on the feasibility, efficiency and robustness of our scheme, through experiments and simulations on the prototype we implemented. The evaluation results show that our scheme can increase the capacity of the protected web servers at least 10 times at the same cost of connection and bandwidth consumption. The web contents cached in Kad remain reachable even under churn of peers and targeted DoS attack, and the access latency is comparable to normal direct access to web servers. It also achieves good load balancing under the heavy-tailed distribution of object popularity.
AB - Nowadays, web servers are suffering from flash crowds and application layer DDoS attacks that can severely degrade the availability of services. It is difficult to prevent them because they comply with the communication protocol. Peer-to-peer (P2P) networks have been exploited to amplify DDoS attacks, but we believe their available resource, such as distributed storage and network bandwidth, can be used to mitigate both flash crowds and DDoS attacks. In this paper, we propose a server initiated approach to employ deployed P2P networks as distributed web caches, so that the workload directed to web servers can be reduced. In experiments, we use Kad as the particular P2P network for the realization of a large-scale distributed web cache. We performed comprehensive evaluation on the feasibility, efficiency and robustness of our scheme, through experiments and simulations on the prototype we implemented. The evaluation results show that our scheme can increase the capacity of the protected web servers at least 10 times at the same cost of connection and bandwidth consumption. The web contents cached in Kad remain reachable even under churn of peers and targeted DoS attack, and the access latency is comparable to normal direct access to web servers. It also achieves good load balancing under the heavy-tailed distribution of object popularity.
KW - DDoS
KW - DHT
KW - Flash crowds
KW - Web server
UR - https://www.scopus.com/pages/publications/78649604249
U2 - 10.1109/ICPP.2010.76
DO - 10.1109/ICPP.2010.76
M3 - 会议稿件
AN - SCOPUS:78649604249
SN - 9780769541563
T3 - Proceedings of the International Conference on Parallel Processing
SP - 680
EP - 689
BT - Proceedings - 39th International Conference on Parallel Processing, ICPP 2010
T2 - 39th International Conference on Parallel Processing, ICPP 2010
Y2 - 13 September 2010 through 16 September 2010
ER -