KadCache: Employing Kad to Mitigate Flash Crowds and Application Layer DDoS Attacks Against Web Servers
نویسندگان
چکیده
Flash crowds or application layer DDoS attacks can severely degrade the availability of websites. Peer-to-peer (P2P) networks have been exploited to amplify DDoS attacks, but we believe their available resource, such as distributed storage and network bandwidth, can be used to mitigate both flash crowds and DDoS attacks. In this poster, we propose a server initiated approach to employing the P2P network as a distributed web cache, so that the workload directed to web servers can be reduced. The experiment using Kad demonstrates the feasibility and robustness of our approach. The latency is comparable to normal direct access to web servers, and the web contents cached in Kad remain reachable despite of the dynamic departure of peers.
منابع مشابه
Detection and defense of application-layer DDoS attacks in backbone web traffic
Web servers are usually located in a well-organized data center where these servers connect with the outside Internet directly through backbones. Meanwhile, the application-layer distributed denials of service (AL-DDoS) attacks are critical threats to the Internet, particularly to those business web servers. Currently, there are somemethods designed to handle the AL-DDoS attacks, but most of th...
متن کاملBotz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds (Awarded Best Student Paper)
Recent denial of service attacks are mounted by professionals using Botnets of tens of thousands of compromised machines. To circumvent detection, attackers are increasingly moving away from bandwidth floods to attacks that mimic the Web browsing behavior of a large number of clients, and target expensive higher-layer resources such as CPU, database and disk bandwidth. The resulting attacks are...
متن کاملAnomaly Detection on User Browsing Behaviors for Prevention App_ddos
Some of the hardest to mitigate distributed denial of service attacks (DDoS) are ones targeting the application layer. Over the time, researchers proposed many solutions to prevent denial of service attacks (DDoS) from IP and TCP layers instead of the application layer. New application Layer based DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectabl...
متن کاملHF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creation of network of bots, they launch several attacks, distributed denial of service attacks (DDoS) on networks is a sample of such attacks. Such attacks with the occupation of system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
متن کاملA Cross-Layer Approach for Mitigating Denial of Service Attacks: Device-Driver Packet Filter and Remote Firewalling
This paper presents two methods to mitigate distributed denial of service attacks and flash crowds: device driver level packet filtering and remote firewall. Device driver level packet filtering is designed to eliminate harmful network traffic before it consumes the processing resource for higher network protocol layers at a production server. The remote firewall is designed with a cross-layer ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009