Home > Research > Publications & Outputs > SENTRY


Text available via DOI:

View graph of relations

SENTRY: A novel approach for mitigating application layer DDoS threats

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Publication date23/08/2016
Host publication2016 IEEE Trustcom/BigDataSE/ISPA
Number of pages8
ISBN (electronic)9781509032051
ISBN (print)9781509032068
<mark>Original language</mark>English


Cloud services are attractive with their advocated technical and economic advantages of transparent resource access, scalability, elasticity and multiple others. However, Cloud services also suffer from multiple infrastructure and application-level threats, with the application-layer distributed denial of service (DDoS) attack being one of the harder ones to mitigate. These attacks typically block the targeted servers by consuming the available resources to result in performance degradation along with the reduced availability of services. While some existing schemes (e.g., intrusion detection/protection) are effective for selective attacks, the evolving application layer DDoS attacks are often able to bypass them. We address this problem by proposing and validating a novel and efficient methodology, termed SENTRY, that specifically aims to mitigate application-layer DDoS attacks. SENTRY utilizes a challenge-response approach that: (a) analyses the attackers physical bandwidth resources, (b) dynamically adapts to the varied work load scenarios, and (c) blocks suspicious service requests from dishonest clients. © 2016 IEEE.