Scalable Information Systems. 4th International ICST Conference, INFOSCALE 2009, Hong Kong, June 10-11, 2009, Revised Selected Papers

Research Article

A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks

  • @INPROCEEDINGS{10.1007/978-3-642-10485-5_13,
        author={Jie Yu and Chengfang Fang and Liming Lu and Zhoujun Li},
        title={A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks},
        proceedings={Scalable Information Systems. 4th International ICST Conference, INFOSCALE 2009, Hong Kong, June 10-11, 2009, Revised Selected Papers},
        proceedings_a={INFOSCALE},
        year={2012},
        month={5},
        keywords={DDoS Attacks Trust Lightweight Application layer},
        doi={10.1007/978-3-642-10485-5_13}
    }
    
  • Jie Yu
    Chengfang Fang
    Liming Lu
    Zhoujun Li
    Year: 2012
    A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks
    INFOSCALE
    Springer
    DOI: 10.1007/978-3-642-10485-5_13
Jie Yu*, Chengfang Fang1,*, Liming Lu1,*, Zhoujun Li2,*
  • 1: National University of Singapore
  • 2: Beihang University
*Contact email: yj@nudt.edu.cn, c.fang@comp.nus.edu.sg, luliming@comp.nus.edu.sg, lizj@buaa.edu.cn

Abstract

Application layer DDoS attacks, to which network layer solutions are not applicable because attackers are indistinguishable at the packet or protocol level, prevent legitimate users from accessing services. In this paper, we propose Trust Management Helmet (TMH) as a partial solution to this problem: a lightweight mitigation mechanism that uses trust to differentiate legitimate users from attackers. Its key insight is that a server should give priority to protecting the connectivity of good users during application layer DDoS attacks, instead of trying to identify all the attack requests. The trust in clients is evaluated based on their visiting history and used to schedule the service to their requests. We introduce a license for user identification (even beyond NATs) and for storing the trust information at clients. The license is cryptographically secured against forgery or replay attacks. We realize this mitigation mechanism, implement it as a Java package, and use it for simulation. Through simulation, we show that TMH is effective in mitigating session flooding attacks: even with 20 times the number of attackers, more than 99% of the sessions from legitimate users are accepted with TMH, whereas less than 18% are accepted without it.
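The abstract describes three ingredients: trust accumulated from a client's visiting history, a client-held license that carries that trust and is protected against forgery and replay, and a scheduler that ranks requests by trust when the server is saturated. The following is an added illustration of that design, not the authors' Java package and not the paper's algorithm. The trust update rule (a fixed increment per well-behaved accepted session), the license layout (JSON fields plus an HMAC-SHA256 tag), the sequence-number replay check and the simulation parameters are all assumptions made for this example; the paper's own formulas are not reproduced on this page.

```python
"""Trust-scheduled admission with a MAC-protected client license.

Added illustration of the approach in the abstract, NOT the paper's TMH
implementation. Trust rule, license layout, HMAC construction and the
sequence-number replay check are assumptions made for this example.
"""
import hashlib
import hmac
import json
import os
import random

INITIAL_TRUST = 0.1   # assumption: a client with no history starts here
TRUST_STEP = 0.15     # assumption: gained per well-behaved accepted session
MAX_TRUST = 1.0


class LicenseError(ValueError):
    """Raised for a forged, tampered or replayed license."""


class TrustServer:
    def __init__(self, capacity, key=None):
        self.capacity = capacity             # sessions accepted per round
        self.key = key or os.urandom(32)     # MAC key known only to the server
        self.last_seq = {}                   # client id -> highest sequence consumed

    def _tag(self, body):
        return hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()

    def issue(self, client_id, trust, seq):
        """License = JSON fields | hex HMAC; the client stores it, the server keeps no trust table."""
        body = json.dumps({"id": client_id, "trust": round(trust, 4), "seq": seq},
                          sort_keys=True).encode()
        return body + b"|" + self._tag(body)

    def verify(self, blob):
        """Check the MAC, then reject a sequence number that was already consumed (replay)."""
        body, sep, tag = blob.rpartition(b"|")
        if not sep or not hmac.compare_digest(tag, self._tag(body)):
            raise LicenseError("forged or tampered license")
        fields = json.loads(body)
        if fields["seq"] <= self.last_seq.get(fields["id"], 0):
            raise LicenseError("replayed license")
        self.last_seq[fields["id"]] = fields["seq"]   # consume it
        return fields

    def schedule(self, requests, use_trust=True):
        """requests: list of (client_id, license or None) arriving in one round.

        Returns (set of accepted client ids, {client_id: new license}).
        With use_trust=False admission is plain arrival order, the
        unprotected baseline the abstract compares against."""
        ranked = []
        for cid, lic in requests:
            trust, seq = INITIAL_TRUST, 0          # default: treat as a stranger
            if lic is not None:
                try:
                    f = self.verify(lic)
                    if f["id"] == cid:
                        trust, seq = f["trust"], f["seq"]
                except LicenseError:
                    pass                           # bad license: no credit, no penalty
            ranked.append((trust, cid, seq))
        if use_trust:
            ranked.sort(key=lambda r: r[0], reverse=True)   # stable: ties keep arrival order
        accepted = {cid for _, cid, _ in ranked[:self.capacity]}
        new_licenses = {}
        for trust, cid, seq in ranked:
            if cid in accepted:                    # assumption: an accepted session behaved
                trust = min(MAX_TRUST, trust + TRUST_STEP)
            new_licenses[cid] = self.issue(cid, trust, seq + 1)
        return accepted, new_licenses


def simulate(n_legit=10, attacker_ratio=20, capacity=30, warmup=3, use_trust=True, seed=1):
    """Legitimate users visit for `warmup` quiet rounds, then `attacker_ratio` times as
    many fresh attackers flood the server. Returns the fraction of legitimate sessions
    accepted in the attack round. All inputs are constructed for this example."""
    rng = random.Random(seed)
    server = TrustServer(capacity, key=b"k" * 32)  # fixed key so the run is reproducible
    legit = [f"user-{i}" for i in range(n_legit)]
    licenses = {u: None for u in legit}
    for _ in range(warmup):
        _, new = server.schedule([(u, licenses[u]) for u in legit], use_trust)
        licenses.update(new)
    attackers = [(f"bot-{i}", None) for i in range(attacker_ratio * n_legit)]
    requests = [(u, licenses[u]) for u in legit] + attackers
    rng.shuffle(requests)
    accepted, _ = server.schedule(requests, use_trust)
    return len(accepted & set(legit)) / n_legit


def check_forgery_and_replay():
    """Returns (forgery_rejected, replay_rejected) for a constructed license."""
    s = TrustServer(capacity=1, key=b"k" * 32)
    lic = s.issue("alice", 0.7, 3)
    forged = lic.replace(b'"trust": 0.7', b'"trust": 1.0')   # client raises its own trust

    def rejected(blob):
        try:
            s.verify(blob)
            return False
        except LicenseError:
            return True

    forgery = rejected(forged)
    s.verify(lic)                 # first presentation is accepted and consumed
    return forgery, rejected(lic) # second presentation of the same license is a replay


if __name__ == "__main__":
    print("legit accepted with trust   :", simulate(use_trust=True))
    print("legit accepted without trust:", simulate(use_trust=False))
    print("forgery, replay rejected    :", check_forgery_and_replay())
```

Two points the toy makes concrete. First, the server holds no per-client trust table: trust travels inside the license, so identification survives NAT because the license, not the source address, names the client. Second, the replay check here needs a small amount of server state (the last consumed sequence number per client); how the paper bounds that state is not described on this page, and a production design would expire or shard it.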