2013 IEEE 20th International Conference on Web Services (2006)
Chicago, Illinois, USA
Sept. 18, 2006 to Sept. 22, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICWS.2006.102
K M Senthil Kumar , Infosys Technologies Ltd., Bangalore, India.
Srinivas Padmanabhuni , Infosys Technologies Ltd., Bangalore, India.
Abhishek Chatterjee , Infosys Technologies Ltd., Bangalore, India.
Vineet Singh , Infosys Technologies Ltd., Bangalore, India.
Today Web services have grown in context of both business to business (B2B) and business to customer (B2C) applications. Web services are the most popular mode of implementing Service Oriented Architecture (SOA). With this growth and acceptance in the industry, the role of security is crucial. Most of the existing security mechanisms in Web services like XML encryption, digital signatures, user tokens etc. provide security on one basic assumption that source of the request is legitimate. But a typical Denial of Service attacker can use these sources as reflectors and play around with the contents of a Web service body to create an attack scenario. In this paper, we propose PreSODoS - a framework to detect and prevent XML based Denial of Service (XDoS) attacks on Web services based applications. The framework relies on content introspection to detect any XDoS possibility. We use a Patricia Trie based representation so that the schemas and the request messages can be compared and validated in a performance efficient manner. PreSODoS is capable of detecting any repetitive request message and sense an attack scenario and trigger corresponding prevention mechanisms.
K M Senthil Kumar, Srinivas Padmanabhuni, Abhishek Chatterjee, Vineet Singh, "Preventing Service Oriented Denial of Service (PreSODoS): A Proposed Approach", 2013 IEEE 20th International Conference on Web Services, vol. 00, no. , pp. 577-584, 2006, doi:10.1109/ICWS.2006.102