WebSOS: Protecting Web Servers From DDoS Attacks (2003) [7 citations — 5 self]

Download:

by Debra L. Cook, William G. Morein, Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein

In: Proceedings of the 11th IEEE International Conference on Networks (ICON). (2003) 455–460

http://www1.cs.columbia.edu/~angelos/Papers/websos-icon.pdf

Add To MetaCart

Popular Tags

No tags have been applied to this document.

BibTeX | Add To MetaCart

@INPROCEEDINGS{Cook03websos:protecting,
    author = {Debra L. Cook and William G. Morein and Angelos D. Keromytis and Vishal Misra and Daniel Rubenstein},
    title = {WebSOS: Protecting Web Servers From DDoS Attacks},
    booktitle = {In: Proceedings of the 11th IEEE International Conference on Networks (ICON). (2003) 455–460},
    year = {2003},
    pages = {455--460}
}

Abstract:

Abstract — We present the WebSOS architecture, a mechanism for countering denial of service (DoS) attacks against web servers. WebSOS uses a combination of overlay networking, contentbased routing, and aggressive packet filtering to guarantee access to a service that is targeted by a DoS attack. Our approach requires no modifications to servers or browsers, and makes use of the web proxy feature and TLS client authentication supported by modern browsers. We use a WebSOS prototype to conduct a preliminary performance evaluation both on the local area network and over the Internet using PlanetLab, a testbed for experimentation with network overlays. We determine the end-to-end latency imposed by the architecture to increase by a factor of 5 on average. We conclude that this overhead is reasonable in the context of a determined DoS attack.

Citations

2119	Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications – Stoica - 2001
1753	A Scalable Content-Addressable Network – Ratnasamy, Francis, et al. - 2001
352	Practical network support for IP traceback – Savage, Wetherall, et al. - 2000
330	A Blueprint for Introducing Disruptive Technology into the Internet – Peterson, Culler, et al. - 2002
320	Consistent hashing and random trees: distributed caching protocols for relieving hot spots on the World Wide Web – Karger, Lehman, et al. - 1997
163	Implementing pushback: Router-based defense against DDoS attacks – Ioannidis, Bellovin - 2002
139	An algebraic approach to ip traceback – Dean, Franklin, et al. - 2002
119	Onion Routing for Anonymous and Private Internet Connections – Goldschlag, Reed, et al. - 1999
99	Implementing a Distributed Firewall – Ioannidis, Keromytis, et al. - 2000
67	X.509: The Directory Authentication Framework – CCITT - 1989
66	Implementing protection domains in the Java Development Kit 1.2 – GONG, SCHEMERS - 1989
60	secure overlay services – KEROMYTIS, MISRA, et al.
38	The Platform for – Cranor, Langheinrich, et al. - 2002
28	Protecting web servers from distributed denial of service attacks – Kargl, Maier, et al.
23	A Study of the Relative Costs of Network Security Protocols – Miltchev, Ioannidis, et al.
21	Decentralized user-role assignment for Web-based intranets – Sandhu, Park - 1998
15	The tls protocol version 1.0,” RFC 2246 – Dierks, Allen - 1999
2	Key and Sequence Number Extensions to – Dommety - 2000

View or Download | Add to My Collection | Correct Errors