Mirage: Towards Deployable DDoS Defense for Web Applications
ثبت نشده
چکیده
Distributed Denial of Service (DDoS) attacks form a serious threat to the security of Internet services. However, despite over a decade of research, and the existence of several proposals to address this problem, there has been little progress to date on actual adoption. We present Mirage, a protocol that achieves comparable performance to other DDoS mitigation schemes while providing benefits when deployed only in the server’s local network and its upstream ISP, where local business objectives may incentivize deployment. Mirage does not require source end hosts to install any software to access Mirage protected websites. Our approach is that end hosts can thwart the attackers by employing the principle of a moving target: end hosts in our architecture periodically change IP addresses to keep the attackers guessing. Knowledge of an active IP address of the destination end host can act as an implicit authorization to send data. We evaluate Mirage using theoretical analysis, simulations and a prototype implementation on PlanetLab. We find that our design provides a first step towards a deployable, yet effective DDoS defense.
منابع مشابه
Mirage: Towards Deployable DDoS Defense for Web Applications
Distributed Denial of Service (DDoS) attacks form a serious threat to the security of Internet services. However, despite over a decade of research, and the existence of several proposals to address this problem, there has been little progress to date on actual adoption. We present Mirage, a protocol that achieves comparable performance to other DDoS mitigation schemes while providing benefits ...
متن کاملAn Active Distributed Defense System to Protect Web Applications from DDOS Attacks
Recently a number of highly publicized incidents of Distributed Denial of Service (DDoS) attacks against high-profile government and commercial websites have made people aware of the importance of providing data and services security to users. A DDoS attack is an availability attack, which is characterized by an explicit attempt from an attacker to prevent legitimate users of a service from usi...
متن کاملMitigating High-Rate Application Layer DDoS Attacks in Software Defined Networks
Differently from previous attacks, many recent DDoS attacks have not been carried out over the network layer, but over the application layer. The main difference is that in the latter, an attacker can target a particular application of the server, while leaving the remaining applications still available, thus generating less traffic and being harder to detect. Recently, we have proposed the use...
متن کاملAn Integrated Approach to Defence Against Degrading Application-Layer DDoS Attacks
Application layer Distributed Denial of Service (DDoS) attacks are recognized as one of the most damaging attacks on the Internet security today. In our recent work [1], we have shown that unsupervised machine learning can be effectively utilized in the process of distinguishing between regular (human) and automated (web/botnet crawler) visitors to a web site. We have also shown that with a sli...
متن کاملReview on Ddos Attacks and Various Detection Mechanisms
DDoS attack is a coordinated attack on massive scale and it is a major threat in current computer networks. It is not easy to detect the attack , The seriousness of the DDoS problem and the increased frequency of DDoS attacks have led to the advent of numerous DDoS defense mechanisms. Detection mechanism is the first step to avoid the DDoS attack. Some of these mechanisms address a specific kin...
متن کامل