C. Barna, Mark Shtern, Michael Smit, Vassilios Tzerpos, Marin Litoiu
Title: Model-based adaptive DoS attack mitigation
Venue: 2012 7th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS)
Publication date: 2012-06-04
DOI: 10.1109/SEAMS.2012.6224398 (https://doi.org/10.1109/SEAMS.2012.6224398)

Abstract:
Denial of Service (DoS) attacks overwhelm online services, preventing legitimate users from accessing a service, often with impact on revenue or consumer trust. Approaches exist to filter network-level attacks, but application level attacks are harder to detect at the firewall. Filtering at this level can be computationally expensive and difficult to scale, while still producing false positives that block legitimate users. This paper presents a model-based adaptive architecture and algorithm for detecting DoS attacks at the web application level and mitigating them. Using a performance model to predict the impact of arriving requests, a decision engine adaptively generates rules for filtering traffic and sending suspicious traffic for further review, which may ultimately result in dropping the request or presenting the end user with a CAPTCHA to verify they are a legitimate user. Experiments performed on a scalable implementation demonstrate effective mitigation of attacks launched using a real-world DoS attack tool.