
Detection and defense of application-layer DDoS attacks in backbone web traffic

  • Wei Zhou
  • Weijia Jia
  • Sheng Wen
  • Yang Xiang
  • Wanlei Zhou

Research output: Journal Publications and Reviews, RGC 21 - Publication in refereed journal, peer-review

Abstract

Web servers are usually located in well-organized data centers, from which they connect to the outside Internet directly through backbones. Meanwhile, application-layer distributed denial-of-service (AL-DDoS) attacks are a critical threat to the Internet, particularly to business web servers. Several methods have been designed to handle AL-DDoS attacks, but most of them cannot be used on heavy backbones. In this paper, we propose a new method to detect AL-DDoS attacks. Our work distinguishes itself from previous methods by considering AL-DDoS attack detection in heavy backbone traffic. In addition, AL-DDoS detection is easily misled by flash-crowd traffic. To overcome this problem, the proposed method constructs a Real-time Frequency Vector (RFV) and characterizes the traffic in real time as a set of models. By examining the entropy of AL-DDoS attacks and flash crowds, these models can be used to recognize the real AL-DDoS attacks. We integrate the above detection principles into a modularized defense architecture consisting of a head-end sensor, a detection module and a traffic filter. Because AL-DDoS detection is fast, the filter can let legitimate requests through while attack traffic is stopped. In the experiments, we use episodes of real traffic from Sina and Taobao to evaluate our AL-DDoS detection method and architecture. Compared with previous methods, the results show that our approach is very effective in defending against AL-DDoS attacks at backbones. © 2013 Elsevier B.V. All rights reserved.
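The abstract names the entropy of request frequencies as the signal that separates a flash crowd from an AL-DDoS attack. The following Python is an added illustration of that principle; it is not the paper's RFV construction, model set or thresholds. It assumes a frequency vector of request counts per path and per client within a fixed time window, a constructed three-window log (flash crowd, attack, quiet background), and an assumed decision rule: a high-volume window whose path distribution has collapsed and whose load comes from a few heavy clients is treated as an attack, while high volume spread over many clients and many pages is treated as a flash crowd.

```python
"""Entropy-based triage of HTTP request windows: flash crowd vs. AL-DDoS.

Added illustration of the entropy principle named in the abstract. It is NOT
the paper's Real-time Frequency Vector (RFV) or its models; the frequency
vector below (request counts per path and per client), the window size and the
thresholds are assumptions chosen for this example.
"""
import math
from collections import Counter, defaultdict


def shannon_entropy(counts):
    """Shannon entropy in bits of a frequency vector given as {key: count}."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values() if c)


def parse(lines):
    """Parse constructed lines of the form '<epoch-second> <client-ip> <path>'.

    The query string is dropped on purpose: bots that rotate ?q= values would
    otherwise inflate path entropy and look like diverse browsing."""
    records = []
    for line in lines:
        ts, ip, path = line.split(maxsplit=2)
        records.append((int(ts), ip, path.split("?", 1)[0]))
    return records


def windows(records, size_s):
    """Group records into fixed-size time windows, ordered by window start."""
    buckets = defaultdict(list)
    for ts, ip, path in records:
        buckets[ts - ts % size_s].append((ts, ip, path))
    return [buckets[k] for k in sorted(buckets)]


def frequency_vector(window):
    """Frequency vector for one window: request counts per path and per client."""
    by_path = Counter(path for _, _, path in window)
    by_client = Counter(ip for _, ip, _ in window)
    return by_path, by_client


def classify(window, volume_threshold=100, min_path_entropy=1.0, max_per_client=20):
    """Assumed decision rule (not the paper's). Thresholds are illustrative."""
    by_path, by_client = frequency_vector(window)
    if len(window) < volume_threshold:
        return "normal"
    h_path = shannon_entropy(by_path)
    heaviest_client = max(by_client.values())
    if h_path < min_path_entropy and heaviest_client > max_per_client:
        return "al-ddos"
    return "flash-crowd"


def triage(lines, window_s=10):
    """Classify every window of a log; returns [(window_start, verdict), ...]."""
    out = []
    for w in windows(parse(lines), window_s):
        start = w[0][0] - w[0][0] % window_s
        out.append((start, classify(w)))
    return out


# Constructed sample traffic (not real data). Window t=1000..1009: a flash crowd
# of 160 requests from 160 distinct clients over a skewed page mix. Window
# t=1010..1019: an AL-DDoS of 160 requests from 4 bots hammering /search with
# rotating query strings. Window t=1020..1029: 30 requests of quiet background.
_PAGES = ["/", "/", "/", "/news/1", "/news/1", "/img/a.png", "/css/site.css", "/js/app.js"]
SAMPLE_LOG = []
for i in range(160):
    SAMPLE_LOG.append(f"{1000 + i % 10} 10.0.{i // 100}.{i % 100} {_PAGES[i % 8]}")
for i in range(160):
    path = "/search?q=%d" % i if i % 16 else "/"
    SAMPLE_LOG.append(f"{1010 + i % 10} 203.0.113.{1 + i % 4} {path}")
for i in range(30):
    SAMPLE_LOG.append(f"{1020 + i % 10} 10.1.0.{i} {_PAGES[i % 8]}")


if __name__ == "__main__":
    for start, verdict in triage(SAMPLE_LOG):
        print(start, verdict)
```

On the constructed data the flash-crowd window has a path entropy of about 2.16 bits and no client above one request, while the attack window collapses to about 0.34 bits with 40 requests per bot. Two caveats a practitioner should keep in mind: the per-client threshold is weak against a large botnet that spreads load thinly, so the entropy of the client distribution deserves the same attention as the path distribution; and the query-string normalization is what stops parameter rotation from masquerading as diverse browsing, so it must happen before the frequency vector is built.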
Original language: English
Pages (from-to): 36-46
Journal: Future Generation Computer Systems
Volume: 38
Publication status: Published - Sept 2014

Bibliographical note

Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].

Funding

Yang Xiang received his Ph.D. in computer science from Deakin University, Australia. He is currently with the School of Information Technology, Deakin University. His research interests include network and system security, distributed systems, and networking. In particular, he is currently leading a research group developing active defense systems against large-scale distributed network attacks. He is the Chief Investigator of several projects in network and system security funded by the Australian Research Council (ARC). He has published more than 100 research papers in international journals and conferences, such as IEEE Transactions on Parallel and Distributed Systems, IEEE Transactions on Information Forensics and Security, and IEEE Journal on Selected Areas in Communications. He has published two books, Software Similarity and Classification (Springer) and Dynamic and Advanced Data Mining for Progressing Technological Development (IGI-Global). He has served as Program/General Chair for many international conferences, such as ICA3PP 12/11, IEEE/IFIP EUC 11, IEEE TrustCom 11, IEEE HPCC 10/09, IEEE ICPADS 08, and NSS 11/10/09/08/07. He has been a PC member for more than 50 international conferences in distributed systems, networking, and security. He serves as Associate Editor of IEEE Transactions on Parallel and Distributed Systems and Editor of the Journal of Network and Computer Applications. He is a member of the IEEE.

Research Keywords

  • Backbone
  • DDoS attack
  • Model mining
