Transparent FPGA based device for SQL DDoS mitigation

Abstract

A Distributed Denial-of-Service attack is an attempt to make a computer resource unavailable to its intended users. Typically, a large number of bots are triggered by an attacker simultaneously to create a huge load on a web server and bring it down. However, when processing SQL queries on a web server, owing to huge resource requirements, even a small number of queries from smaller set of bots can create huge load on the server. Such sophisticated application layer attacks go undetected by network security solutions under deployment today. Therefore, we propose an SQL DDoS Mitigator device that focuses on preventing such attacks targeting SQL database resources. It can parse packets at line speed, with a maximum latency of 20μs for detecting HTTP GET packets with embedded SQL queries. The query pattern information for requester IP addresses are stored in a red-black tree data structure. Clients crossing the limit of server load, dynamically set on the basis of server state, will be re-directed to a CAPTCHA server for identification of bots. The IPs confirmed as bots are black-listed for a configurable timeout period. The complete system, except the CAPTCHA server, is built on “Xilinx Virtex-II Pro 50” FPGA based NetFPGA-1G platform. The device achieved a throughput of 400 Kilo Packets/s in a 1 Gbps network.