
    Mitigating Botnet-based DDoS Attacks against Web Servers

    Distributed denial-of-service (DDoS) attacks have become widespread on the Internet. They continuously target retail merchants, financial companies and government institutions, disrupting the availability of their online resources and causing millions of dollars of financial losses. Software vulnerabilities and the proliferation of malware have helped create a class of application-level DDoS attacks using networks of compromised hosts (botnets). In a botnet-based DDoS attack, an attacker orders large numbers of bots to send seemingly regular HTTP and HTTPS requests to a web server, so as to deplete the server's CPU, disk, or memory capacity. Researchers have proposed client authentication mechanisms, such as CAPTCHA puzzles, to distinguish bot traffic from legitimate client activity and discard bot-originated packets. However, CAPTCHA authentication is vulnerable to denial-of-service and artificial intelligence attacks. This dissertation proposes that clients instead use hardware tokens to authenticate in a federated authentication environment. The federated authentication solution must resist both man-in-the-middle and denial-of-service attacks. The proposed system architecture uses the Kerberos protocol to satisfy both requirements. This work proposes novel extensions to Kerberos to make it more suitable for generic web authentication. A server could verify client credentials and blacklist repeated offenders. Traffic from blacklisted clients, however, still traverses the server's network stack and consumes server resources. This work proposes Sentinel, a dedicated front-end network device that intercepts server-bound traffic, verifies authentication credentials and filters blacklisted traffic before it reaches the server. Using a front-end device also allows transparently deploying hardware acceleration using network co-processors. Network co-processors can discard blacklisted traffic at the hardware level before it wastes front-end host resources. We implement the proposed system architecture by integrating existing software applications and libraries. We validate the system implementation by evaluating its performance under DDoS attacks consisting of floods of HTTP and HTTPS requests.

    Mitigating Denial of Service Attacks with Load Balancing

    Denial of service (DoS) attacks continue to pose a huge risk to online businesses. The attacks have moved from the network level (layer 3 and layer 4) to layer 7 of the OSI model. This layer 7 attack, or application layer attack, is not easily detectable by firewalls, most intrusion detection systems and other security tools, but has the capability of bringing down a well-equipped web server. The wide availability and easy accessibility of the attack tools make this type of security risk very easy to execute, very prolific and difficult to completely mitigate. An increasing number of such attacks against the web server infrastructures of many organisations have been recorded. The aim of this research is to look at some layer 7 application DDoS attack tools and test open source tools that offer some form of defense against these attacks. The research deployed the open source load balancing software HAProxy as a first line of defense against Denial of Service attacks. The three components of the popular free open source data analysis tool, the Elastic Stack framework (Logstash, Elasticsearch and Kibana), were used to collect logs from the web server, filter and query the logs, and then display results in dashboards and graphs to help in the identification of an attack by analysing the visually displayed log data. Rules are also set up to alert the business of anomalies detected based on pre-determined benchmarks.

    Distributed Denial of Service Attack Detection

    Distributed Denial of Service (DDoS) attacks on web applications have been a persistent threat. Successful attacks can lead to services being inaccessible to legitimate users and to loss of business reputation. Most research effort on DDoS has focused on network layer attacks. Existing approaches to application layer DDoS attack mitigation have limitations, such as the lack of detection ability for low-rate DDoS and not being able to detect attacks targeting resource files. In this work, we propose DDoS attack detection using concepts from information retrieval and machine learning. We include two popular concepts from information retrieval: Term Frequency (TF)-Inverse Document Frequency (IDF) and Latent Semantic Indexing (LSI). We analyzed web server log data generated in a distributed environment. Our evaluation results indicate that while all the approaches can detect various ranges of attacks, information retrieval approaches can identify attacks ongoing in a given session. All the approaches can detect three well-known application level DDoS attacks (trivial, intermediate, advanced). Further, these approaches can enable an administrator to identify new patterns of DDoS attacks.

    Analysis of the Security Information and Event Management (SIEM) System of the Wazuh Application at Dinas Komunikasi Informatika Statistik dan Persandian Sulawesi Selatan

    The South Sulawesi Communication Informatics Statistics and Standardization Office is an implementer of government affairs that assists in carrying out government affairs in the fields of communication, informatics, statistics, and signage. Currently, agencies are utilizing technological developments to maximize their performance, such as the use of web servers to provide information and services. This can, of course, cause problems such as data theft, because of the many threats that can strike at any time. Therefore, an application is needed that can prevent this from happening. To address this, a monitoring system is implemented using the Wazuh application, which is a SIEM application. To find out how this application works in the event of an attack, testing is carried out using two types of attacks, namely Distributed Denial of Service (DDoS) Slowloris and Brute Force. In this test, data is collected in the form of application responses, namely the response time of the Wazuh application and the classification of the Wazuh alert level for DDoS and Brute Force attacks, which is displayed on the Wazuh application dashboard. Based on the test results, the Wazuh application successfully detects DDoS Slowloris and Brute Force attacks and can classify these two attacks at levels 3 to 10.

    Developing a Mobile-Commerce Financial Transaction Processing Model

    The topic for this Master’s Thesis is selected in compliance with the guidelines to complete a Master of Science in Applied Computer Science at Columbus State University. The problem to be addressed by this thesis is to produce an open standard for an m-commerce financial transaction processing system based on current e-commerce standards and mobile technology. This solution was to be specifically designed to build upon the strengths of a mobile platform using current smartphone and tablet technology. An open source software stack in combination with a cloud computing solution was used to create a working example of the specification. Load testing and Denial of Service attack testing were completed to test the stability and capacity of the implementation. It was found that the initial implementation of the specification was able to accommodate a moderate level of concurrent transactions and connected users. It was also found that the system was brought down by a slow header denial of service attack, but was able to withstand a Slowloris denial of service attack. An Android native application was built as a sample implementation of a mobile client for the system.

    Denial of Service in Voice Over IP Networks

    In this paper we investigate denial of service (DoS) vulnerabilities in Voice over IP (VoIP) systems, focusing on the ITU-T H.323 family of protocols. We provide a simple characterisation of DoS attacks that allows us to readily identify DoS issues in H.323 protocols. We also discuss network layer DoS vulnerabilities that affect VoIP systems. A number of improvements and further research directions are proposed.

    Defending Against Denial of Service

    Civil Society currently faces significant cyber threats. At the top of the list of those threats are Denial of Service (DoS) attacks. The websites of many organizations and individuals have already come under such attacks, and the frequency of those attacks is on the rise. Civil Society frequently does not have the kinds of resources or technical know-how that are available to commercial enterprise and government websites, and often has to exist in adverse political environments where every avenue available, both legal and illegal, is used against it. Therefore, the threat of DoS attacks is unlikely to go away any time soon. A Denial of Service (DoS) attack is any attack that overwhelms a website, causing the content normally provided by that website to no longer be available to regular visitors of the website. Distributed Denial of Service (DDoS) attacks are traffic-volume-based attacks originating from a large number of computers, which are usually compromised workstations. These workstations, known as 'zombies', form a widely distributed attack network called a 'botnet'. While many modern Denial of Service attacks are Distributed Denial of Service attacks, this is certainly not true for all denials of service experienced by websites. Therefore, when users first start experiencing difficulty in getting to the website content, it should not be assumed that the site is under a DDoS attack. Many forms of DoS are far easier to implement than DDoS, and so these attacks are still used by parties with malicious intent. Many such DoS attacks are easier to defend against once the mechanism used to cause the denial of service is known. Therefore, it is paramount to do proper analysis of attack traffic when a site becomes unable to perform its normal function. There are two parts to this guide. The first part outlines preparatory steps that can be taken by Civil Society organizations to improve their website's resilience, should it come under attack. However, we do understand that most Civil Society organizations' first introduction to DoS attacks comes when they suddenly find themselves the victim of an attack. The second part of this guide provides a step-by-step process to assist the staff of NGOs to efficiently deal with that stressful situation.