Home > Research > Publications & Outputs > SENTRY

Links

Text available via DOI:

View graph of relations

SENTRY: A novel approach for mitigating application layer DDoS threats

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published

Standard

SENTRY: A novel approach for mitigating application layer DDoS threats. / Zhang, H.; Taha, A.; Trapero, R. et al.
2016 IEEE Trustcom/BigDataSE/ISPA. IEEE, 2016. p. 465-472.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Harvard

Zhang, H, Taha, A, Trapero, R, Luna, J & Suri, N 2016, SENTRY: A novel approach for mitigating application layer DDoS threats. in 2016 IEEE Trustcom/BigDataSE/ISPA. IEEE, pp. 465-472. https://doi.org/10.1109/TrustCom.2016.0098

APA

Zhang, H., Taha, A., Trapero, R., Luna, J., & Suri, N. (2016). SENTRY: A novel approach for mitigating application layer DDoS threats. In 2016 IEEE Trustcom/BigDataSE/ISPA (pp. 465-472). IEEE. https://doi.org/10.1109/TrustCom.2016.0098

Vancouver

Zhang H, Taha A, Trapero R, Luna J, Suri N. SENTRY: A novel approach for mitigating application layer DDoS threats. In 2016 IEEE Trustcom/BigDataSE/ISPA. IEEE. 2016. p. 465-472 doi: 10.1109/TrustCom.2016.0098

Author

Zhang, H. ; Taha, A. ; Trapero, R. et al. / SENTRY : A novel approach for mitigating application layer DDoS threats. 2016 IEEE Trustcom/BigDataSE/ISPA. IEEE, 2016. pp. 465-472

Bibtex

@inproceedings{a3c08f395c26478783d6f7235a00bcbe,
title = "SENTRY: A novel approach for mitigating application layer DDoS threats",
abstract = "Cloud services are attractive with their advocated technical and economic advantages of transparent resource access, scalability, elasticity and multiple others. However, Cloud services also suffer from multiple infrastructure and application-level threats, with the application-layer distributed denial of service (DDoS) attack being one of the harder ones to mitigate. These attacks typically block the targeted servers by consuming the available resources to result in performance degradation along with the reduced availability of services. While some existing schemes (e.g., intrusion detection/protection) are effective for selective attacks, the evolving application layer DDoS attacks are often able to bypass them. We address this problem by proposing and validating a novel and efficient methodology, termed SENTRY, that specifically aims to mitigate application-layer DDoS attacks. SENTRY utilizes a challenge-response approach that: (a) analyses the attackers physical bandwidth resources, (b) dynamically adapts to the varied work load scenarios, and (c) blocks suspicious service requests from dishonest clients. {\textcopyright} 2016 IEEE.",
keywords = "Big data, Data privacy, Distributed computer systems, Distributed database systems, Intrusion detection, Network security, Web services, Application layers, Application level, Bandwidth resource, Challenge response, Distributed denial of service attack, Economic advantages, Performance degradation, Service requests, Denial-of-service attack",
author = "H. Zhang and A. Taha and R. Trapero and J. Luna and Neeraj Suri",
year = "2016",
month = aug,
day = "23",
doi = "10.1109/TrustCom.2016.0098",
language = "English",
isbn = "9781509032068",
pages = "465--472",
booktitle = "2016 IEEE Trustcom/BigDataSE/ISPA",
publisher = "IEEE",

}

RIS

TY - GEN

T1 - SENTRY

T2 - A novel approach for mitigating application layer DDoS threats

AU - Zhang, H.

AU - Taha, A.

AU - Trapero, R.

AU - Luna, J.

AU - Suri, Neeraj

PY - 2016/8/23

Y1 - 2016/8/23

N2 - Cloud services are attractive with their advocated technical and economic advantages of transparent resource access, scalability, elasticity and multiple others. However, Cloud services also suffer from multiple infrastructure and application-level threats, with the application-layer distributed denial of service (DDoS) attack being one of the harder ones to mitigate. These attacks typically block the targeted servers by consuming the available resources to result in performance degradation along with the reduced availability of services. While some existing schemes (e.g., intrusion detection/protection) are effective for selective attacks, the evolving application layer DDoS attacks are often able to bypass them. We address this problem by proposing and validating a novel and efficient methodology, termed SENTRY, that specifically aims to mitigate application-layer DDoS attacks. SENTRY utilizes a challenge-response approach that: (a) analyses the attackers physical bandwidth resources, (b) dynamically adapts to the varied work load scenarios, and (c) blocks suspicious service requests from dishonest clients. © 2016 IEEE.

AB - Cloud services are attractive with their advocated technical and economic advantages of transparent resource access, scalability, elasticity and multiple others. However, Cloud services also suffer from multiple infrastructure and application-level threats, with the application-layer distributed denial of service (DDoS) attack being one of the harder ones to mitigate. These attacks typically block the targeted servers by consuming the available resources to result in performance degradation along with the reduced availability of services. While some existing schemes (e.g., intrusion detection/protection) are effective for selective attacks, the evolving application layer DDoS attacks are often able to bypass them. We address this problem by proposing and validating a novel and efficient methodology, termed SENTRY, that specifically aims to mitigate application-layer DDoS attacks. SENTRY utilizes a challenge-response approach that: (a) analyses the attackers physical bandwidth resources, (b) dynamically adapts to the varied work load scenarios, and (c) blocks suspicious service requests from dishonest clients. © 2016 IEEE.

KW - Big data

KW - Data privacy

KW - Distributed computer systems

KW - Distributed database systems

KW - Intrusion detection

KW - Network security

KW - Web services

KW - Application layers

KW - Application level

KW - Bandwidth resource

KW - Challenge response

KW - Distributed denial of service attack

KW - Economic advantages

KW - Performance degradation

KW - Service requests

KW - Denial-of-service attack

U2 - 10.1109/TrustCom.2016.0098

DO - 10.1109/TrustCom.2016.0098

M3 - Conference contribution/Paper

SN - 9781509032068

SP - 465

EP - 472

BT - 2016 IEEE Trustcom/BigDataSE/ISPA

PB - IEEE

ER -