Welcome!
To use the personalized features of this site, please log in or register.
If you have forgotten your username or password, we can help.
My Menu
Marked Items 
Alerts
Order History
Saved Items
All
Favorites
    
Book Chapter Printable view
A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks
large version

A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks

Book SeriesLecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
ISSN1867-8211 (Print) 1867-822X (Online)
VolumeVolume 18
BookScalable Information Systems
PublisherSpringer Berlin Heidelberg
DOI10.1007/978-3-642-10485-5
Copyright2009
ISBN978-3-642-10484-8 (Print) 978-3-642-10485-5 (Online)
DOI10.1007/978-3-642-10485-5_13
Pages175-191
Subject CollectionComputer Science
SpringerLink DateMonday, November 16, 2009
Add to marked items

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Scalable Information Systems
4th International ICST Conference, INFOSCALE 2009, Hong Kong, June 10-11, 2009, Revised Selected Papers
10.1007/978-3-642-10485-5_13
Peter Mueller, Jian-Nong Cao and Cho-Li Wang
A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks

Jie Yu18, 19 Contact Information, Chengfang Fang19 Contact Information, Liming Lu19 Contact Information and Zhoujun Li20 Contact Information

(18)  Department of Computer Science, National University of Defense Technology, China
(19)  Department of Computer Science, National University of Singapore, Singapore
(20)  School of Computer Science and Engineering, Beihang University, China
Abstract
Application layer DDoS attacks, to which network layer solutions is not applicable as attackers are indistinguishable based on packets or protocols, prevent legitimate users from accessing services. In this paper, we propose Trust Management Helmet (TMH) as a partial solution to this problem, which is a lightweight mitigation mechanism that uses trust to differentiate legitimate users and attackers. Its key insight is that a server should give priority to protecting the connectivity of good users during application layer DDoS attacks, instead of identifying all the attack requests. The trust to clients is evaluated based on their visiting history, and used to schedule the service to their requests. We introduce license, for user identification (even beyond NATs) and storing the trust information at clients. The license is cryptographically secured against forgery or replay attacks. We realize this mitigation mechanism and implement it as a Java package and use it for simulation. Through simulation, we show that TMH is effective in mitigating session flooding attack: even with 20 times number of attackers, more than 99% of the sessions from legitimate users are accepted with TMH; whereas less than 18% are accepted without it.

Keywords  DDoS Attacks - Trust - Lightweight - Application layer

Contact Information Jie Yu
Email: yj@nudt.edu.cn

Contact Information Chengfang Fang
Email: c.fang@comp.nus.edu.sg

Contact Information Liming Lu
Email: luliming@comp.nus.edu.sg

Contact Information Zhoujun Li
Email: lizj@buaa.edu.cn
Fulltext Preview (Small, Large)
Image of the first page of the fulltext

References secured to subscribers.
more options
Find


Export this chapter
Export this chapter as RIS | Text
 
Frequently asked questions | General information on journals and books | Send us your feedback | Impressum | Contact
© Springer. Part of Springer Science+Business Media
Privacy, Disclaimer, Terms and Conditions, © Copyright Information
Remote Address: 38.107.191.111 • Server: mpweb03
HTTP User Agent: CCBot/1.0 (+http://www.commoncrawl.org/bot.html)