Protecting Web applications from DDoS attacks by an active distributed defense system

International Journal of Web Information Systems

Volumn 2, Issue 1, 2006, Pages 37-44

  Xiang, Yang ^a   Zhou, Wanlei ^a  

^a DEAKIN UNIVERSITY   (Australia)

Author keywords

Active distributed defense system; Distributed Denial of Service; Network congestion; Web application

Indexed keywords

COMMERCIAL WEBSITES; DISTRIBUTED DEFENSE SYSTEMS; DISTRIBUTED DENIAL OF SERVICE; DISTRIBUTED DENIAL OF SERVICE ATTACK; LEGITIMATE USERS; NETWORK CONGESTIONS; OVERALL NETWORKS; WEB APPLICATION;

APPLICATIONS; WEBSITES;

NETWORK SECURITY;

EID: 43549088385     PISSN: 17440084     EISSN: None     Source Type: Journal    
DOI: 10.1108/17440080680000099     Document Type: Article

References (25)

1. Arnfield, R. (2004) Credit-card processor hit by DDoS attack. News-Factor Magazine, September 23. http://www.newsfactor.com/story.xhtml?story-id=27154.
2. Ashrafi, M. Z., Taniar, D. and Smith, K. A. (2004) Reducing communication cost in privacy preserving distributed association rule mining. Database Systems for Advanced Applications, Lecture Notes in Computer Science, 2973: 381-392.
3. Ashrafi, M. Z., Taniar, D. and Smith, K. A. (2005) PPDAM: Privacy preserving distributed association rule mining algorithm. Int. J. Intel. Infor. Technol. 1(1): 49-69.
4. Bellovin, S. M. (2000) ICMP traceback messages. Internet Draft, Network Working Group.
5. CERT. Computer emergency response team. http://www.cert.org.
6. Crosby, S. A. and Wallach, D. S. (2003) Denial of service via algorithmic complexity attacks. Proc. of 12th USENIX Security Symposium, pagpp.es 29-44.
7. Derbas, G., Kayssi, A., Chehab, A., Artail, H. and Tajeddine, A. (2005) A trust model for distributed systems based on reputation. Int. J. Web & Grid Services, 1(3/4): 416-447.
8. Dustdar, S. and Schreiner, W. (2005) A survey on web services composition. Int. J. Web & Grid Services, 1(1): 1-30.
9. Endres, C.h., Butz, A. and MacWilliams, A. (2005) A survey of software infrastructures and frameworks for ubiquitous computing. Mobile Information Systems, 1(1): 41-80.
10. Geer, D. Taking steps to secure web services. IEEE Computer, 36(10): 14-16.
11. Gil, T. M. and Poletto, M. (2001) MULTOPS: a data-structure for bandwidth attack detection. Proc. of 10th Usenix Security Symposium.
12. Householder, A., Manion, A., Pesante, L., Weaver, G. M. and Thomas, R. (2001) Managing the threat of denial-of-service attacks, CERT. http://www.cert.org/archive/pdf/Managing-DoS.pdf.
13. Jung, J., Krishnamurthy, B. and Rabinovich, M. (2002) Flash crowds and denial of service attacks: Characterization and implications for CDNs and web sites. Proc. of the International World Wide Web Conference, pp. 252-262.
14. Li, M., Chi, C., Jia, W., Zhao, W., Zhou, W., Cao, J., Long D. and Meng, Q. (2003) Decision analysis of statistically detecting distributed denial-of-service flooding attacks. Int. J. Infor. Technol. and Decision Making, 2(3): 397-405.
15. Mahajan, R., Bellovin, S. M. and Floyd, S. (2002) Controlling high bandwidth aggregates in the network. Computer Communications Review, 32(3): 62-73.
16. Mirkovic, J., Prier, G. and Reiher, P. (2003) Source-end DDoS defense. Proc. of the 2nd IEEE International Symposium on Network Computing and Applications.
17. Naraine, R. (2002) Massive DDoS attack hit dns root servers, Developer october 23. http://www.internetnews.com/dev-news/article.php/1486981.
18. Naraine, R. and Singer, M. (2001) Hackers deface web sites; FBI issues DDoS warning. http://www.internetnews.com/dev-news/article.php/760451.
19. Papadopoulos, C., Lindell, R., Mehringer, J., Hussain, A. and Govindan, R. (2003) Cossack: Coordinated suppression of simultaneous attacks. DARPA Information Survivability Conference and Exposition III, pp. 2-13.
20. Park, K. and Lee, H. (2001) On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internet. Proc. of ACM SIGCOMM, pp. 15-26. (Pubitemid 32981951)
21. Peng, T., Christopher, L. and Kotagiri, R. (2003) Protection from distributed denial of service attack using history-based IP filtering. Proc. of IEEE ICC, pp. 482-486.
22. Pollak, M. (1986) Optimal detection of a change in distribution. The Annals of Statistics, 13: 206-227.
23. SSFNet. Scalable simulation framework. http://www.ssfnet.org.
24. Xiang, Y. and Zhou, W. (2004) Trace IP packets by flexible deterministic packet marking (FDPM). Proc. of IEEE International Workshop on IP Operations and Management, pp. 246-252. (Pubitemid 41775569)
25. Xiang, Y., Zhou, W. and Chowdhury, M. (2004) A survey of active and passive defence mechanisms against DDoS attacks.k Technical Report, TR C04/02, School of Information Technology, Deakin University, Australia.