Defense techniques for low-rate DoS attacks against application servers

a b s t r a c t Low-rate denial of service (DoS) attacks have recently emerged as new strategies for denying networking services. Such attacks are capable of discovering vulnerabilities in protocols or applications behavior to carry out a DoS with low-rate traffic. In this paper, we focus on a specific attack: the low-rate DoS attack against application servers, and address the task of finding an effective defense against this attack. Different approaches are explored and four alternatives to defeat these attacks are suggested. The techniques proposed are based on modifying the way in which an application server accepts incoming requests. They focus on protective measures aimed at (i) preventing an attacker from capturing all the positions in the incoming queues of applications, and (ii) randomizing the server operation to eliminate possible vulnerabilities due to predictable behaviors. We extensively describe the suggested techniques, discussing the benefits and drawbacks for each under two criteria: the attack efficiency reduction obtained, and the impact on the normal operation of the server. We evaluate the proposed solutions in a both a simulated and a real environment, and provide guidelines for their implementation in a production system

ADVANCED RANDOM TIME QUEUE BLOCKING WITH TRAFFIC PREDICTION FOR DEFENSE OF LOW-RATE DOS ATTACKS AGAINST APPLICATION SERVERS

Among many strategies of Denial of Services, low-rate traffic denial-of-service (DoS) attacks are more significant. This strategy denies the services of a network by detection of the vulnerabilities in performance of the application. In this research, an efficient defence methodology is developed against low-rate DoS attack in the application servers. Though, the Improved Random Time Queue Blocking (IRTQB) technique can eliminate the vulnerabilities in the network and also avoiding the attacker from capturing all the server queue positions by defining a spatial similarity metric (SSM). However, the differentiation of the attack requests from the legitimate users’ is not always efficient since only the source IP addresses and the record timestamp are considered in the SSM. It was improved by using Advanced Random Time Queue Blocking (ARTQB) scheme that employed Bandwidth utilization of attacker in IRTQB to detect the DoS attack that normally consumes a huge number of resources of the server. However, this method becomes ineffective when the attack consumes more network traffic. In this paper, an efficient detection technique called Advanced Random Time Queue Blocking with Traffic Prediction (ARTQB-TP) is proposed for defining SSM which contains, Source IP, timestamp, Bandwidth between two requests and the difference between the attack traffic and legitimate traffic. The ARTQB-TP technique is utilized to reduce the attack efficiency in 18 different server configurations which are more vulnerable to the DoS attacks and where the attacks may also have a chance to improve its effectiveness. Experimental results show that the proposed system performs better protection of application servers against the LRDoS attacks by solving its impacts on any kind of server architectures and reduced the attack efficiencies of all the types of attack strategies

Towards smarter SDN switches:revisiting the balance of intelligence in SDN networks

Software Defined Networks (SDNs) represent a new model for building networks, in which the control plane is separated from the forwarding plane, allowing for centralised, fine grained control of traffic in the network. The benefits of SDN range widely from reducing operational costs of networks to providing better Quality of Service guarantees to its users. Its application has been shown to increase the efficiency of large networks such as data centers and improve security through Denial of Service mitigation systems and other traffic monitoring efforts. While SDN has been shown to be highly beneficial, some of its core features (e.g separation of control and data planes and limited memory) allow malicious users to carry out Denial of Service (DoS) attacks against the network, reducing its availability and performance. Denial of Service attacks are explicit attempts to prevent legitimate users from accessing a service or resource. Such attacks can take many forms but are almost always costly to its victims, both financially and reputationally. SDN applications have been developed to mitigate some forms of DoS attacks aimed at traditional networks however, its intrinsic properties facilitate new attacks. We investigate in this thesis, the opportunity for such Denial of Service attacks in more recent versions of SDN and extensively evaluate its effect on a legitimate user’s throughput. In light of the potential for such DoS attacks which specifically target the SDN infrastructure (controller, switch flow table etc), we propose that increasing the intelligence of SDN switches can increase the resilience of the SDN network by preventing attack traffic from entering the network at its source. To demonstrate this, we put forward in this thesis, designs for an intelligent SDN Switch and implement two additional functionalities towards realising this design into a software version of the SDN switch. These modules allow the switch to efficiently handle high control plane loads, both malicious and legitimate, to ensure the network continues to provide good service even under such circumstances. Evaluation of these modules indicate they effectively preserve the performance of the network under under high control plane loads far better than unmodified switches, with no notable drawbacks