Chicago, Illinois, USA
Sept. 18, 2006 to Sept. 22, 2006
Srinivas Padmanabhuni , Infosys Technologies Ltd., Bangalore, India.
Vineet Singh , Infosys Technologies Ltd., Bangalore, India.
K M Senthil Kumar , Infosys Technologies Ltd., Bangalore, India.
Abhishek Chatterjee , Infosys Technologies Ltd., Bangalore, India.
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICWS.2006.102
Today Web services have grown in context of both business to business (B2B) and business to customer (B2C) applications. Web services are the most popular mode of implementing Service Oriented Architecture (SOA). With this growth and acceptance in the industry, the role of security is crucial. Most of the existing security mechanisms in Web services like XML encryption, digital signatures, user tokens etc. provide security on one basic assumption that source of the request is legitimate. But a typical Denial of Service attacker can use these sources as reflectors and play around with the contents of a Web service body to create an attack scenario. In this paper, we propose PreSODoS - a framework to detect and prevent XML based Denial of Service (XDoS) attacks on Web services based applications. The framework relies on content introspection to detect any XDoS possibility. We use a Patricia Trie based representation so that the schemas and the request messages can be compared and validated in a performance efficient manner. PreSODoS is capable of detecting any repetitive request message and sense an attack scenario and trigger corresponding prevention mechanisms.
Srinivas Padmanabhuni, Vineet Singh, K M Senthil Kumar, Abhishek Chatterjee, "Preventing Service Oriented Denial of Service (PreSODoS): A Proposed Approach", ICWS, 2006, 2013 IEEE 20th International Conference on Web Services, 2013 IEEE 20th International Conference on Web Services 2006, pp. 577-584, doi:10.1109/ICWS.2006.102