doi:10.3850/978-981-08-7301-1_1377

ABSTRACT

In this paper, a mechanism is proposed to mitigate session flooding and request flooding app-DDoS attacks on web servers. App-DDoS attack is Application layer Distributed Denial of Service attack. This attack prevents legitimate users from accessing services. As App-DDoS attacks are indistinguishable based on packets and protocols, network layer solution is not applicable. A lightweight mechanism is proposed which uses trust to differentiate legitimate users and attackers. Trust to client is evaluated based on his visiting history and requests are scheduled in decreasing order of trust. Here license is introduced for user identification and it stores trust information at client side. This mitigation mechanism can be implemented as a java package which can run separately and forward valid requests to server. This mechanism mitigates session flooding attacks only. Further this mechanism can be extended to mitigate request flooding attacks by using Client Puzzle Protocol.

Keywords: DDoS attacks, App-DDoS, Trust.

© 2011 ICCA 2010 Organizers