{"title":"基于透明FPGA的SQL DDoS缓解设备","authors":"Karthikeyan Pandiyarajan, Srijith Haridas, Kuruvilla Varghese","doi":"10.1109/FPT.2013.6718334","DOIUrl":null,"url":null,"abstract":"A Distributed Denial-of-Service attack is an attempt to make a computer resource unavailable to its intended users. Typically, a large number of bots are triggered by an attacker simultaneously to create a huge load on a web server and bring it down. However, when processing SQL queries on a web server, owing to huge resource requirements, even a small number of queries from smaller set of bots can create huge load on the server. Such sophisticated application layer attacks go undetected by network security solutions under deployment today. Therefore, we propose an SQL DDoS Mitigator device that focuses on preventing such attacks targeting SQL database resources. It can parse packets at line speed, with a maximum latency of 20μs for detecting HTTP GET packets with embedded SQL queries. The query pattern information for requester IP addresses are stored in a red-black tree data structure. Clients crossing the limit of server load, dynamically set on the basis of server state, will be re-directed to a CAPTCHA server for identification of bots. The IPs confirmed as bots are black-listed for a configurable timeout period. The complete system, except the CAPTCHA server, is built on “Xilinx Virtex-II Pro 50” FPGA based NetFPGA-1G platform. The device achieved a throughput of 400 Kilo Packets/s in a 1 Gbps network.","PeriodicalId":344469,"journal":{"name":"2013 International Conference on Field-Programmable Technology (FPT)","volume":"128 8","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Transparent FPGA based device for SQL DDoS mitigation\",\"authors\":\"Karthikeyan Pandiyarajan, Srijith Haridas, Kuruvilla Varghese\",\"doi\":\"10.1109/FPT.2013.6718334\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A Distributed Denial-of-Service attack is an attempt to make a computer resource unavailable to its intended users. Typically, a large number of bots are triggered by an attacker simultaneously to create a huge load on a web server and bring it down. However, when processing SQL queries on a web server, owing to huge resource requirements, even a small number of queries from smaller set of bots can create huge load on the server. Such sophisticated application layer attacks go undetected by network security solutions under deployment today. Therefore, we propose an SQL DDoS Mitigator device that focuses on preventing such attacks targeting SQL database resources. It can parse packets at line speed, with a maximum latency of 20μs for detecting HTTP GET packets with embedded SQL queries. The query pattern information for requester IP addresses are stored in a red-black tree data structure. Clients crossing the limit of server load, dynamically set on the basis of server state, will be re-directed to a CAPTCHA server for identification of bots. The IPs confirmed as bots are black-listed for a configurable timeout period. The complete system, except the CAPTCHA server, is built on “Xilinx Virtex-II Pro 50” FPGA based NetFPGA-1G platform. The device achieved a throughput of 400 Kilo Packets/s in a 1 Gbps network.\",\"PeriodicalId\":344469,\"journal\":{\"name\":\"2013 International Conference on Field-Programmable Technology (FPT)\",\"volume\":\"128 8\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 International Conference on Field-Programmable Technology (FPT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/FPT.2013.6718334\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 International Conference on Field-Programmable Technology (FPT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FPT.2013.6718334","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
摘要
分布式拒绝服务攻击是试图使计算机资源对其目标用户不可用。通常,攻击者会同时触发大量的僵尸程序,在web服务器上造成巨大的负载并使其崩溃。然而,当在web服务器上处理SQL查询时,由于巨大的资源需求,即使是来自较小bot集的少量查询也会在服务器上产生巨大的负载。目前部署的网络安全解决方案无法检测到这种复杂的应用层攻击。因此,我们提出了一种SQL DDoS缓解器设备,专注于防止针对SQL数据库资源的此类攻击。它可以以线速度解析数据包,对于使用嵌入式SQL查询检测HTTP GET数据包,最大延迟为20μs。请求者IP地址的查询模式信息存储在红黑树数据结构中。超过服务器负载限制的客户端(根据服务器状态动态设置)将被重定向到CAPTCHA服务器以识别机器人。确认为机器人的ip将在可配置的超时时间内被列入黑名单。除了CAPTCHA服务器外,整个系统都是建立在基于NetFPGA-1G平台的“Xilinx Virtex-II Pro 50”FPGA上。该设备在1gbps的网络中实现了400kpackets /s的吞吐量。
Transparent FPGA based device for SQL DDoS mitigation
A Distributed Denial-of-Service attack is an attempt to make a computer resource unavailable to its intended users. Typically, a large number of bots are triggered by an attacker simultaneously to create a huge load on a web server and bring it down. However, when processing SQL queries on a web server, owing to huge resource requirements, even a small number of queries from smaller set of bots can create huge load on the server. Such sophisticated application layer attacks go undetected by network security solutions under deployment today. Therefore, we propose an SQL DDoS Mitigator device that focuses on preventing such attacks targeting SQL database resources. It can parse packets at line speed, with a maximum latency of 20μs for detecting HTTP GET packets with embedded SQL queries. The query pattern information for requester IP addresses are stored in a red-black tree data structure. Clients crossing the limit of server load, dynamically set on the basis of server state, will be re-directed to a CAPTCHA server for identification of bots. The IPs confirmed as bots are black-listed for a configurable timeout period. The complete system, except the CAPTCHA server, is built on “Xilinx Virtex-II Pro 50” FPGA based NetFPGA-1G platform. The device achieved a throughput of 400 Kilo Packets/s in a 1 Gbps network.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
