Sustaining Availability of Web Services under Distributed Denial of Service Attacks
February 2003 (vol. 52 no. 2)
pp. 195-208

Abstract—The recent tide of Distributed Denial of Service (DDoS) attacks against high-profile web sites demonstrates how devastating DDoS attacks are and how defenseless the Internet is under such attacks. We design a practical DDoS defense system that can protect the availability of web services during severe DDoS attacks. The basic idea behind our system is to isolate and protect legitimate traffic from a huge volume of DDoS traffic when an attack occurs. Traffic that needs to be protected can be recognized and protected using efficient cryptographic techniques. Therefore, by provisioning adequate resources (e.g., bandwidth) to the legitimate traffic separated by this process, we are able to provide adequate service to a large percentage of clients during DDoS attacks. The worst-case performance (effectiveness) of the system is evaluated using a novel game-theoretic framework, which characterizes the natural adversarial relationship between a DDoS adversary and the proposed system. We also conduct a simulation study to verify a key assumption used in the game-theoretic analysis and to demonstrate the system dynamics during an attack.
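To make the abstract's isolate-then-provision idea concrete, here is an added example (not the paper's code or protocol): legitimate clients tag each packet with a truncated HMAC under a server-issued secret, a filter verifies tags cheaply per packet, and a two-class scheduler hands verified packets a reserved share of link capacity during a constructed flood. The HMAC tagging, the scheduler and all traffic numbers are assumptions of this example, not the paper's design.

```python
import hashlib
import hmac
import os
import random

# Constructed illustration: a server-issued secret shared out of band with authorised clients.
KEY = os.urandom(16)
TAG_LEN = 8  # truncated HMAC keeps per-packet overhead small

def tag_packet(key, client_id, seq, payload):
    """Legitimate client: attach a truncated HMAC-SHA256 over (client, seq, payload)."""
    msg = f"{client_id}:{seq}:".encode() + payload
    return (client_id, seq, payload, hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN])

def is_legit(key, pkt):
    """Filter in front of the server: recompute the tag and compare in constant time."""
    client_id, seq, payload, tag = pkt
    msg = f"{client_id}:{seq}:".encode() + payload
    return hmac.compare_digest(tag, hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN])

def schedule(packets, key, capacity, reserved):
    """Two-class link of `capacity` slots per round: up to `reserved` slots go to
    verified packets first; leftover capacity is plain FIFO over everything else.
    Returns (legit_sent, attack_sent)."""
    verified = [is_legit(key, p) for p in packets]
    sent = [False] * len(packets)
    slots = min(reserved, capacity)
    for i, ok in enumerate(verified):        # stage 1: reserved share, arrival order
        if slots == 0:
            break
        if ok:
            sent[i], slots = True, slots - 1
    left = capacity - (min(reserved, capacity) - slots)
    for i in range(len(packets)):            # stage 2: FIFO over whatever is left
        if left == 0:
            break
        if not sent[i]:
            sent[i], left = True, left - 1
    legit_sent = sum(1 for s, v in zip(sent, verified) if s and v)
    return legit_sent, sum(sent) - legit_sent

def simulate(n_legit=100, n_attack=10000, capacity=500, reserved=200, seed=1):
    """Constructed flood: returns (legit served without reservation, with reservation)."""
    rng = random.Random(seed)
    legit = [tag_packet(KEY, f"client{i}", 0, b"GET / HTTP/1.1") for i in range(n_legit)]
    # The attacker does not hold KEY, so its tags are random guesses (as good as none).
    attack = [("spoofed", 0, b"GET / HTTP/1.1", rng.randbytes(TAG_LEN)) for _ in range(n_attack)]
    mix = legit + attack
    rng.shuffle(mix)
    return schedule(mix, KEY, capacity, 0)[0], schedule(mix, KEY, capacity, reserved)[0]
```

With a plain FIFO link the 100 legitimate packets compete with 10,000 attack packets for 500 slots and only a handful get through; with 200 slots reserved for verified traffic all 100 are served while the attack traffic absorbs only the unreserved remainder.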


Index Terms:
Availability, survivability, game theory, Distributed Denial of Service (DDoS), World-Wide Web.
Citation:
Jun Xu, Wooyong Lee, "Sustaining Availability of Web Services under Distributed Denial of Service Attacks," IEEE Transactions on Computers, vol. 52, no. 2, pp. 195-208, Feb. 2003, doi:10.1109/TC.2003.1176986