{"title":"使用CAPTCHA机制减轻拒绝服务攻击","authors":"Mahendra Mehra, Mayank Agarwal, R. Pawar, D. Shah","doi":"10.1145/1980022.1980086","DOIUrl":null,"url":null,"abstract":"Denial of Service (DoS henceforth) attack is performed solely with the intention to deny the legitimate users to access services. Since DoS attack is usually performed by means of bots, automated software. These bots send a large number of fake requests to the server which exceeds server buffer capacity which results in DoS attack. In this paper we propose an idea to prevent DoS attack on web-sites which ask for user credentials before it allows them to access resources. Our approach is based on CAPTCHA verification. We verify CAPTCHA submitted by user before allowing the access to credentials page. The CAPTCHA would consist of variety of patterns that would be distinct in nature and are randomly generated during each visit to the webpage. Most of the current web sites use a common methodology to generate all its CAPTCHAs. The bots usually take advantage of this approach since bots are able to decipher those CAPTCHAs. A set of distinct CAPTCHA patterns prevents bots to decipher it and consequently helps to reduce the generation of illicit traffic. This preserves the server bandwidth to allow the legitimate users to access the site.","PeriodicalId":197580,"journal":{"name":"International Conference & Workshop on Emerging Trends in Technology","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2011-02-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"31","resultStr":"{\"title\":\"Mitigating denial of service attack using CAPTCHA mechanism\",\"authors\":\"Mahendra Mehra, Mayank Agarwal, R. Pawar, D. Shah\",\"doi\":\"10.1145/1980022.1980086\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Denial of Service (DoS henceforth) attack is performed solely with the intention to deny the legitimate users to access services. Since DoS attack is usually performed by means of bots, automated software. These bots send a large number of fake requests to the server which exceeds server buffer capacity which results in DoS attack. In this paper we propose an idea to prevent DoS attack on web-sites which ask for user credentials before it allows them to access resources. Our approach is based on CAPTCHA verification. We verify CAPTCHA submitted by user before allowing the access to credentials page. The CAPTCHA would consist of variety of patterns that would be distinct in nature and are randomly generated during each visit to the webpage. Most of the current web sites use a common methodology to generate all its CAPTCHAs. The bots usually take advantage of this approach since bots are able to decipher those CAPTCHAs. A set of distinct CAPTCHA patterns prevents bots to decipher it and consequently helps to reduce the generation of illicit traffic. This preserves the server bandwidth to allow the legitimate users to access the site.\",\"PeriodicalId\":197580,\"journal\":{\"name\":\"International Conference & Workshop on Emerging Trends in Technology\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-02-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"31\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Conference & Workshop on Emerging Trends in Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1980022.1980086\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference & Workshop on Emerging Trends in Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1980022.1980086","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Mitigating denial of service attack using CAPTCHA mechanism
Denial of Service (DoS henceforth) attack is performed solely with the intention to deny the legitimate users to access services. Since DoS attack is usually performed by means of bots, automated software. These bots send a large number of fake requests to the server which exceeds server buffer capacity which results in DoS attack. In this paper we propose an idea to prevent DoS attack on web-sites which ask for user credentials before it allows them to access resources. Our approach is based on CAPTCHA verification. We verify CAPTCHA submitted by user before allowing the access to credentials page. The CAPTCHA would consist of variety of patterns that would be distinct in nature and are randomly generated during each visit to the webpage. Most of the current web sites use a common methodology to generate all its CAPTCHAs. The bots usually take advantage of this approach since bots are able to decipher those CAPTCHAs. A set of distinct CAPTCHA patterns prevents bots to decipher it and consequently helps to reduce the generation of illicit traffic. This preserves the server bandwidth to allow the legitimate users to access the site.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
