Modular System for Mitigating Flood Attacks
نویسنده
چکیده
Denial-of-Service (DoS) flooding attacks have become a serious threat to the reliability of the Internet. Web servers face all kinds of users; some of them engage malicious activities to degrade or completely block network services, such as flooding attacks. As a result, lots of resource and bandwidth on web sites might be wasted. While many approaches exist to filter network-level attacks, the application level attacks are harder to detect at the firewall. Filtering at this level can be computationally expensive and difficult to scale, while still producing false positives that block legitimate users. This paper presents a web application level approach to mitigate DoS attacks. The proposed method is to build a security gateway module with reverse proxy support that provides attack surface reduction enhancements against the HTTP Flood Attacks at the web application level. Web-based anomaly detection with reverse HTTP proxy which intercepts traffic and protects web application by providing users with a CAPTCHA to verify legitimate requests is used. Keywords— DoS, HTTP Flood Attack, CAPTCHA, False
منابع مشابه
HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creation of network of bots, they launch several attacks, distributed denial of service attacks (DDoS) on networks is a sample of such attacks. Such attacks with the occupation of system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
متن کاملDoS Attacks Flood Techniques
DoS attacks (Denial of Service) are one of the main problems on computer security field. Usually these attacks result in the loss of network connectivity due to excessive bandwidth-consuming and resource bottlenecks of the system attacked. DoS attacks can occur in various ways; however all of them have in common the use of IP protocol. This work presents the effects on network elements and secu...
متن کاملLow-Cost Client Puzzles Based on Modular Exponentiation
Client puzzles have been proposed as a useful mechanism for mitigating Denial of Service attacks on network protocols. While several puzzles have been proposed in recent years, most existing nonparallelizable puzzles are based on modular exponentiations. The main drawback of these puzzles is in the high cost that they incur on the puzzle generator (the verifier). In this paper, we propose crypt...
متن کاملCERIAS Tech Report 2005-121 ON THE SURVIVABILITY OF ROUTING PROTOCOLS IN AD HOC WIRELESS NETWORKS
Survivable routing protocols are able to provide service in the presence of attacks and failures. The strongest attacks that protocols can experience are attacks where adversaries have full control of a number of authenticated nodes that behave arbitrarily to disrupt the network, also referred to as Byzantine attacks. This work examines the survivability of ad hoc wireless routing protocols in ...
متن کاملMitigating Byzantine Attacks in Ad Hoc Wireless Networks
Attacks where adversaries have full control of a number of authenticated devices and behave arbitrarily to disrupt the network are referred to as Byzantine attacks. Traditional secure routing protocols are vulnerable to this class of attacks since they usually assume that once authenticated, a node can be trusted to execute the protocol correctly. We present a detailed description of several By...
متن کامل