Title:
Sustaining Availability of Web Services under Severe Denial of Service Attacks

dc.contributor.author Xu, Jun en_US
dc.date.accessioned 2005-06-17T17:43:02Z
dc.date.available 2005-06-17T17:43:02Z
dc.date.issued 2001 en_US
dc.description.abstract Denial of service (DoS) is one of the most difficult security problems to address. While most existing techniques (e.g., IP traceback) focus on tracing the location of the attackers after-the-fact, little is done on how to mitigate the effect of an attack while it is raging on. We design a system that can sustain the availability of web services during severe DoS attacks. We observe that one of the major difficulties in doing this is that packets sent by attackers (bad traffic) can be completely indistinguishable from packets sent by legitimate users (good traffic), forcing a large percentage of good traffic to be dropped as a consequence. We develop a protocol that can effectively separate these two types of traffic in a statistical sense, and this separation process is secure and robust against various attacks. Therefore, by provisioning adequate resource (e.g., bandwidth) to `good traffic'' separated by this process, we are able to provide fairly good service to a large percentage of users even during severe DoS attacks. For one example, during an attack where the incoming traffic rate is 5 times as high as the link rate (i.e., 80 percent of traffic has to be dropped), the system can continue to serve 59 percent of users, with only 39 percent increase to average end-to-end download time of web pages. In comparison, without such a defense, no user would receive any service due to the long retransmission timeouts caused by the heavy packet loss. Our system and protocol are completely compatible with HTTP (and HTTPS) protocols and do not require any modification to web server or client software. en_US
dc.format.extent 330893 bytes
dc.format.mimetype application/pdf
dc.identifier.uri http://hdl.handle.net/1853/6565
dc.language.iso en_US
dc.publisher Georgia Institute of Technology en_US
dc.relation.ispartofseries CC Technical Report; GIT-CC-01-10 en_US
dc.subject Denial of Service (DoS)
dc.subject Computer security
dc.subject Traffic theory
dc.title Sustaining Availability of Web Services under Severe Denial of Service Attacks en_US
dc.type Text
dc.type.genre Technical Report
dspace.entity.type Publication
local.contributor.corporatename College of Computing
local.relation.ispartofseries College of Computing Technical Report Series
relation.isOrgUnitOfPublication c8892b3c-8db6-4b7b-a33a-1b67f7db2021
relation.isSeriesOfPublication 35c9e8fc-dd67-4201-b1d5-016381ef65b8
Files
Original bundle
Now showing 1 - 1 of 1
Thumbnail Image
Name:
GIT-CC-01-10.pdf
Size:
323.14 KB
Format:
Adobe Portable Document Format
Description: