211 research outputs found

    Mitigating Botnet-based DDoS Attacks against Web Servers

    Distributed denial-of-service (DDoS) attacks have become wide-spread on the Internet. They continuously target retail merchants, financial companies and government institutions, disrupting the availability of their online resources and causing millions of dollars of financial losses. Software vulnerabilities and proliferation of malware have helped create a class of application-level DDoS attacks using networks of compromised hosts (botnets). In a botnet-based DDoS attack, an attacker orders large numbers of bots to send seemingly regular HTTP and HTTPS requests to a web server, so as to deplete the server's CPU, disk, or memory capacity. Researchers have proposed client authentication mechanisms, such as CAPTCHA puzzles, to distinguish bot traffic from legitimate client activity and discard bot-originated packets. However, CAPTCHA authentication is vulnerable to denial-of-service and artificial intelligence attacks. This dissertation proposes that clients instead use hardware tokens to authenticate in a federated authentication environment. The federated authentication solution must resist both man-in-the-middle and denial-of-service attacks. The proposed system architecture uses the Kerberos protocol to satisfy both requirements. This work proposes novel extensions to Kerberos to make it more suitable for generic web authentication. A server could verify client credentials and blacklist repeated offenders. Traffic from blacklisted clients, however, still traverses the server's network stack and consumes server resources. This work proposes Sentinel, a dedicated front-end network device that intercepts server-bound traffic, verifies authentication credentials and filters blacklisted traffic before it reaches the server. Using a front-end device also allows transparently deploying hardware acceleration using network co-processors. Network co-processors can discard blacklisted traffic at the hardware level before it wastes front-end host resources. 
    We implement the proposed system architecture by integrating existing software applications and libraries. We validate the system implementation by evaluating its performance under DDoS attacks consisting of floods of HTTP and HTTPS requests.

    Enhancement of detection mechanisms for HTTP based DoS/DDoS attacks

    DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks are some of the vicious network layer attacks present in the world. More than 5.4 million DDoS attacks were reported in the first half of 2021. HTTP-based DoS and DDoS attack, a type of DoS and DDoS attack, is a threat to web applications as it brings damage to the application and the business. This paper sheds light on the current detection mechanisms of HTTP-based DoS and DDoS attacks and the limitations identified in these detection mechanisms. This paper focuses on the mitigation strategies for HTTP-based DoS and DDoS attacks. It is imperative to create efficient solutions to defend against such cyber-attacks and ensure proper network security in workplaces.

    A new framework to alleviate DDoS vulnerabilities in cloud computing

    In the communication age, the Internet has been growing very fast and most industries rely on it. An essential part of the Internet, Web applications like online booking, e-banking, online shopping, and e-learning play a vital role in everyday life. Enhancements have been made in this domain, in which the web servers depend on cloud location for resources. Many organizations around the world change their operations and data storage from local to cloud platforms for many reasons, especially the availability factor. Even though cloud computing is considered a renowned technology, it has many challenges; the most important one is security. One of the major issues in cloud security is the Distributed Denial of Service (DDoS) attack, which results in serious loss if the attack is successful and left unnoticed. This paper focuses on preventing and detecting DDoS attacks in distributed and cloud environments. A new framework has been suggested to alleviate the DDoS attack and to provide availability of cloud resources to its users. The framework introduces three screening tests, VISUALCOM, IMGCOM, and AD-IMGCOM, to prevent the attack and two queues with certain constraints to detect the attack. The result of our framework shows an improvement and better outcomes and provides a recovered from attack detection with high availability rate. Also, the performance of the queuing model has been analysed.

    An SDN-based Approach For Defending Against Reflective DDoS Attacks

    Distributed Reflective Denial of Service (DRDoS) attacks are an immanent threat to Internet services. The potential scale of such attacks became apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel services built upon UDP increase the need for automated mitigation mechanisms that react to attacks without prior knowledge of the actual application protocols used. With the flexibility that software-defined networks offer, we developed a new approach for defending against DRDoS attacks; it not only protects against arbitrary DRDoS attacks but is also transparent for the attack target and can be used without assistance of the target host operator. The approach provides a robust mitigation system which is protocol-agnostic and effective in the defense against DRDoS attacks.

    Economic Denial of Sustainability Attacks Mitigation in the Cloud

    Cyber security is one of the most attention-seeking issues with the increasing advancement of technology, specifically when network availability is threatened by attacks such as Denial of Service attacks (DoS), Distributed DoS attacks (DDoS), and Economic Denial of Sustainability (EDoS). The loss of the availability and accessibility of cloud services has greater impacts than those in traditional enterprise networks. This paper introduces a new technique to mitigate the impacts of attacks, called the Enhanced DDoS-Mitigation System (Enhanced DDoS-MS), that helps in overcoming the determined security gap. The proposed technique is evaluated experimentally and the result shows that the proposed method adds lower delays as a result of the enhanced security. The paper also suggests some future directions to improve the proposed framework.

    WARDOG: Awareness detection watchdog for Botnet infection on the host device

    Botnets constitute nowadays one of the most dangerous security threats worldwide. High volumes of infected machines are controlled by a malicious entity and perform coordinated cyber-attacks. The problem will become even worse in the era of the Internet of Things (IoT) as the number of insecure devices is going to be exponentially increased. This paper presents WARDOG – an awareness and digital forensic system that informs the end-user of the botnet’s infection, exposes the botnet infrastructure, and captures verifiable data that can be utilized in a court of law. The responsible authority gathers all information and automatically generates a unitary documentation for the case. The document contains undisputed forensic information, tracking all involved parties and their role in the attack. The deployed security mechanisms and the overall administration setting ensure non-repudiation of performed actions and enforce accountability. The provided properties are verified through theoretic analysis. In a simulated environment, the effectiveness of the proposed solution in mitigating the botnet operations is also tested against real attack strategies that have been captured by the FORTHcert honeypots, overcoming state-of-the-art solutions. Moreover, a preliminary version is implemented in real computers and IoT devices, highlighting the low computational/communicational overheads of WARDOG in the field.

    Mitigating Botnet Attack Using Encapsulated Detection Mechanism (EDM)

    Botnet, as it is popularly called, became fashionable in recent times owing to its embedded force on network servers. Botnet has an exponential growth of about 170,000 within network server and client infrastructures per day. The networking environment on a monthly basis battles over 5 million bots. Nigeria as a country loses above one hundred and twenty five (N125) billion naira to network fraud annually; end users such as banks and other financial institutions battle the botnet threats daily. Comment: This paper addresses critical area of networ