Credibility-Based Countermeasure Against Slow HTTP DoS Attacks by Using SDN

被引:11
|
作者
Wang, You-Chiun [1 ]
Ye, Ren-Xuan [1 ]
机构
[1] Natl Sun Yat Sen Univ, Dept Comp Sci & Engn, Kaohsiung, Taiwan
来源
2021 IEEE 11TH ANNUAL COMPUTING AND COMMUNICATION WORKSHOP AND CONFERENCE (CCWC) | 2021年
关键词
credibility; denial of service; slow HTTP DoS attack; software-defined networking (SDN); web service;
D O I
10.1109/CCWC51732.2021.9375911
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
In slow HTTP DoS (SHD) attacks, the attacker sends HTTP requests in pieces slowly, one at a time to a web server to exhaust its resource and achieve denial of service. Such attacks are easy to launch but hard to defend by conventional solutions like firewall. By exploiting the software-defined networking (SDN) technique, the paper proposes a credibility-based countermeasure against SHD attacks (CCSA), which appraises each client by its connections and the frequency that it sends fragmented requests. The connections of low-credibility clients will be blocked to avoid them depleting resource. When the server is short of resource, suspicious connections are then suspended to ensure the server's availability. Simulation results verify that CCSA can efficiently stop SHD attacks and keep low memory usage for the controller.
引用
收藏
页码:890 / 895
页数:6
相关论文
共 50 条
  • [21] Mitigating HTTP GET Flooding Attacks in SDN Using NetFPGA-based OpenFlow Switch
    An Nguyen Viet
    Luan Phung Van
    Hoang-Anh Nguyen Minh
    Huy Duong Xuan
    Nam Pham Ngoc
    Thanh Nguyen Huu
    2017 14TH INTERNATIONAL CONFERENCE ON ELECTRICAL ENGINEERING/ELECTRONICS, COMPUTER, TELECOMMUNICATIONS AND INFORMATION TECHNOLOGY (ECTI-CON), 2017, : 660 - 663
  • [22] Cloud security defence to protect cloud computing against HTTP-DoS and XML-DoS attacks
    Chonka, Ashley
    Xiang, Yang
    Zhou, Wanlei
    Bonti, Alessio
    JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, 2011, 34 (04) : 1097 - 1107
  • [23] SDNManager: A Safeguard Architecture for SDN DoS Attacks Based on Bandwidth Prediction
    Wang, Tao
    Chen, Hongchang
    Cheng, Guozhen
    Lu, Yulin
    SECURITY AND COMMUNICATION NETWORKS, 2018,
  • [24] Countermeasure against Backdoor Attacks using Epistemic Classifiers
    Yang, Zhaoyuan
    Virani, Nurali
    Iyer, Naresh S.
    ARTIFICIAL INTELLIGENCE AND MACHINE LEARNING FOR MULTI-DOMAIN OPERATIONS APPLICATIONS II, 2020, 11413
  • [25] SLICOTS: An SDN-Based Lightweight Countermeasure for TCP SYN Flooding Attacks
    Mohammadi, Reza
    Javidan, Reza
    Conti, Mauro
    IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, 2017, 14 (02): : 487 - 497
  • [26] SDN/NFV-based framework for autonomous defense against slow-rate DDoS attacks by using reinforcement learning
    Yungaicela-Naula, Noe M.
    Vargas-Rosales, Cesar
    Perez-Diaz, Jesus A.
    FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF ESCIENCE, 2023, 149 : 637 - 649
  • [27] Detectability of Low-Rate HTTP Server DoS Attacks using Spectral Analysis
    Brynielsson, Joel
    Sharma, Rishie
    PROCEEDINGS OF THE 2015 IEEE/ACM INTERNATIONAL CONFERENCE ON ADVANCES IN SOCIAL NETWORKS ANALYSIS AND MINING (ASONAM 2015), 2015, : 954 - 961
  • [28] An SDN based hopping multicast communication against DoS attack
    Zhao, Zheng
    Liu, Fenlin
    Gong, Daofu
    KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS, 2017, 11 (04): : 2196 - 2218
  • [29] SlowTrack: detecting slow rate Denial of Service attacks against HTTP with behavioral parameters
    Sood, Shaurya
    Hubballi, Neminath
    JOURNAL OF SUPERCOMPUTING, 2024, 80 (02): : 1788 - 1817
  • [30] SlowTrack: detecting slow rate Denial of Service attacks against HTTP with behavioral parameters
    Shaurya Sood
    Neminath Hubballi
    The Journal of Supercomputing, 2024, 80 : 1788 - 1817