WEBTRAP: A Dynamic Defense Scheme Against Economic Denial of Sustainability Attacks

Economic Denial of Sustainability (EDoS) attacks have been threatening cloud consumers' financial viability due to the "pay-as-you-go" cloud resource charging scheme. EDoS attackers can take advantage of this pricing scheme to fraudulently consume the billable cloud resources from the cloud consumers and thus, drive up the cloud consumers' financial cost and eventually disrupt their economic sustainability. In this paper, we propose WEBTRAP, a defense scheme against EDoS attacks for web-based systems. WEBTRAP consists of two major components. On one side, it dynamically changes/updates web resource addresses so that the web-based system is equipped with a moving target defense capability to make attackers unable to exploit web resources. On the other side, WEBTRAP injects carefully-designed traps in a real-time manner to detect attackers. The trap injection process is guided by an online control-based algorithm to balance the damage introduced by the attackers and the potential side-impacts on benign clients and minimize the overall cost. We conduct experiments to validate WEBTRAP's effectiveness under various types of websites. The evaluation results demonstrate that WEBTRAP is effective, by more than 80%, in reducing the cost suffered by the cloud consumers.