Web Application DDoS Attack Defense Using Access Correlation
Abstract
Web application distributed denial-of-service attacks (Web-App DDoS attacks) are a common and dangerous type of attack that hackers use against the information systems of organizations. Web applications are frequent targets because they are an organization's external interface for providing its services. In addition, as weaknesses and security holes emerge in applications and operating systems, hackers can easily build large-scale botnets to make Web-App DDoS attacks more effective. Many research projects have addressed defense against this type of attack. However, DDoS attacks still cause serious damage to organizations' systems because the attack methods are increasingly sophisticated and constantly changing. In this study, we propose a method for Web-App DDoS attack mitigation based on analyzing the relationship among the requests sent to the Web application, in order to find the source IP addresses of malicious requests and perform mitigation. Our method provides a set of criteria for determining, in a short period of time, whether a source IP address is normal or malicious. The criteria also make it difficult for hackers to change their attack methods to evade the characteristics the criteria rely on.
Keywords
DDoS Attacks, Flood Attack, Web-App DDoS Attack
Article Details

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.