A Selective Defense for Application Layer DDoS Attacks


Distributed Denial of Service (DDoS) attacks remain among the most
dangerous and noticeable attacks on the Internet. Differently from
previous attacks, many recent DDoS attacks have not been carried
out over the Transport Layer, but over the Application Layer. The
main difference is that in the latter, an attacker can target a
particular application of the server, while leaving the others
applications still available, thus generating less traffic and
being harder to detected. Such attacks are possible by exploiting
Application Layer protocols used by the target application. This
talk proposes a novel defense, called SeVen, for Application Layer
DDoS attacks based on the Adaptive Selective Verification (ASV)
defense used for Transport Layer DDoS attacks. We used two
approaches to validate the SeVen: 1) Simulation: The entire defense
mechanism was formalized by Maude tool and simulated using a
statistical model checker (PVeStA). 2) Real scenario experiments:
Analysis of efficiency SeVen, implemented in C++, in a real
experiment on network. We investigate the resilience for mitigating
three attacks using the HTTP protocol: HTTP-POST, Slowloris, and
HTTP-GET. The defense is effective, with high levels of
availability, for all three types of attacks, despite having
different attack profiles, and even for a relatively large number
of attackers.