Mitigating Browser-based DDoS Attacks using CORP

Cited by: 2
Authors
Agrawall, Akash [1]
Chaitanya, Krishna [2]
Agrawal, Arnav Kumar [3]
Choppella, Venkatesh [1]
Affiliations
[1] IIIT Hyderabad, Hyderabad, India
[2] Microsoft India, Hyderabad, India
[3] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA
Source
PROCEEDINGS OF THE 10TH INNOVATIONS IN SOFTWARE ENGINEERING CONFERENCE | 2017
Keywords
DDoS; Browser-based DDoS; Browser; Javascript; Cross-origin requests; MITM (Man in the middle)
DOI
10.1145/3021460.3021477
Chinese Library Classification number
TP31 [Computer Software];
Subject classification code
081202 ; 0835 ;
Abstract
On March 27, 2015, Github witnessed a massive DDoS attack, the largest in Github's history till date. In this incident, browsers and users were used as vectors to launch the attack. In this paper, we analyse such browser-based DDoS attacks and simulate them in a lab environment. Existing browser security policies like Same Origin Policy (SOP), Content Security Policy (CSP) do not mitigate these attacks by design. In this paper we observe that CORP (Cross Origin Request Policy), a browser security policy, can be used to mitigate these attacks. CORP enables a server to control cross-origin interactions initiated by a browser. The browser intercepts the cross-origin requests and blocks unwanted requests by the server. This takes the load off the server to mitigate the attack.
Pages: 137-146
Page count: 10
Related papers
50 in total
  • [21] Browser-based medical visualization system
    Virag, Ioan
    Stoicu-Tivadar, Lacramioara
    Amaricai, Elena
    2014 IEEE 9TH INTERNATIONAL SYMPOSIUM ON APPLIED COMPUTATIONAL INTELLIGENCE AND INFORMATICS (SACI), 2014, : 355 - 359
  • [22] Applying NFV/SDN in Mitigating DDoS Attacks
    Zhou, Luying
    Guo, Huaqun
    TENCON 2017 - 2017 IEEE REGION 10 CONFERENCE, 2017, : 2061 - 2066
  • [23] An Adaptive Control Mechanism for Mitigating DDoS Attacks
    Wu, Qingtao
    Zheng, Ruijuan
    Pu, Jiexin
    Sun, Shibao
    2009 IEEE INTERNATIONAL CONFERENCE ON AUTOMATION AND LOGISTICS ( ICAL 2009), VOLS 1-3, 2009, : 1760 - 1764
  • [24] Detecting and Mitigating DDOS Attacks in SDNs Using Deep Neural Network
    Nawaz, Gul
    Junaid, Muhammad
    Akhunzada, Adnan
    Gani, Abdullah
    Nawazish, Shamyla
    Yaqub, Asim
    Ahmed, Adeel
    Ajab, Huma
    CMC-COMPUTERS MATERIALS & CONTINUA, 2023, 77 (02): : 2157 - 2178
  • [25] Browser-based Hyperbolic Visualization of Graphs
    Miller, Jacob
    Kobourov, Stephen
    Huroyan, Vahan
    2022 IEEE 15TH PACIFIC VISUALIZATION SYMPOSIUM (PACIFICVIS 2022), 2022, : 71 - 80
  • [26] Digging into Browser-based Crypto Mining
    Rueth, Jan
    Zimmermann, Torsten
    Wolsing, Konrad
    Hohlfeld, Oliver
    IMC'18: PROCEEDINGS OF THE INTERNET MEASUREMENT CONFERENCE, 2018, : 70 - 76
  • [27] Browser-based applications: Popular but flawed?
    Silver M.S.
    Information Systems and e-Business Management, 2006, 4 (4) : 361 - 393
  • [28] Browser-based Online Applications: Something for Everyone!
    Descy, Don E.
    TECHTRENDS, 2007, 51 (02) : 3 - 5
  • [29] Browser-based Analysis of Web Framework Applications
    Kersten, Benjamin
    Goedicke, Michael
    ELECTRONIC PROCEEDINGS IN THEORETICAL COMPUTER SCIENCE, 2010, (35): : 51 - 62
  • [30] Browser-based Web Content Sharing System
    An, Sanghong
    Oh, Hyeontaek
    Park, Sangmin
    Yang, Jinhong
    Choi, Jun Kyun
    2014 IEEE 11TH CONSUMER COMMUNICATIONS AND NETWORKING CONFERENCE (CCNC), 2014,