Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - SENTRY
T2 - A novel approach for mitigating application layer DDoS threats
AU - Zhang, H.
AU - Taha, A.
AU - Trapero, R.
AU - Luna, J.
AU - Suri, Neeraj
PY - 2016/8/23
Y1 - 2016/8/23
N2 - Cloud services are attractive with their advocated technical and economic advantages of transparent resource access, scalability, elasticity and multiple others. However, Cloud services also suffer from multiple infrastructure and application-level threats, with the application-layer distributed denial of service (DDoS) attack being one of the harder ones to mitigate. These attacks typically block the targeted servers by consuming the available resources to result in performance degradation along with the reduced availability of services. While some existing schemes (e.g., intrusion detection/protection) are effective for selective attacks, the evolving application layer DDoS attacks are often able to bypass them. We address this problem by proposing and validating a novel and efficient methodology, termed SENTRY, that specifically aims to mitigate application-layer DDoS attacks. SENTRY utilizes a challenge-response approach that: (a) analyses the attackers physical bandwidth resources, (b) dynamically adapts to the varied work load scenarios, and (c) blocks suspicious service requests from dishonest clients. © 2016 IEEE.
AB - Cloud services are attractive with their advocated technical and economic advantages of transparent resource access, scalability, elasticity and multiple others. However, Cloud services also suffer from multiple infrastructure and application-level threats, with the application-layer distributed denial of service (DDoS) attack being one of the harder ones to mitigate. These attacks typically block the targeted servers by consuming the available resources to result in performance degradation along with the reduced availability of services. While some existing schemes (e.g., intrusion detection/protection) are effective for selective attacks, the evolving application layer DDoS attacks are often able to bypass them. We address this problem by proposing and validating a novel and efficient methodology, termed SENTRY, that specifically aims to mitigate application-layer DDoS attacks. SENTRY utilizes a challenge-response approach that: (a) analyses the attackers physical bandwidth resources, (b) dynamically adapts to the varied work load scenarios, and (c) blocks suspicious service requests from dishonest clients. © 2016 IEEE.
KW - Big data
KW - Data privacy
KW - Distributed computer systems
KW - Distributed database systems
KW - Intrusion detection
KW - Network security
KW - Web services
KW - Application layers
KW - Application level
KW - Bandwidth resource
KW - Challenge response
KW - Distributed denial of service attack
KW - Economic advantages
KW - Performance degradation
KW - Service requests
KW - Denial-of-service attack
U2 - 10.1109/TrustCom.2016.0098
DO - 10.1109/TrustCom.2016.0098
M3 - Conference contribution/Paper
SN - 9781509032068
SP - 465
EP - 472
BT - 2016 IEEE Trustcom/BigDataSE/ISPA
PB - IEEE
ER -