A MODIFIED METHOD FOR DETECTING APPLIED-LEVEL DDOS ATTACKS ON WEB SERVER RESOURCES

Authors

DOI:

https://doi.org/10.18372/2410-7840.24.17378

Keywords:

DDoS attacks, HTTP, HTTPS, LR-DDoS, middleware, web-framework, microservices, information entropy

Abstract

The number of devices connected to the Internet increases every year, and DDoS attacks are becoming more frequent, causing downtime of the attacked systems. The main challenge is to detect an attack in real time and identify its source. Application layer attacks resemble legitimate client traffic: they have a low request rate and use software vulnerabilities to drain computing resources. Moreover, HTTP is the most common protocol in application layer attacks, and existing methods do not combine high accuracy with high speed. We propose an improved method for analyzing Internet traffic data to identify application-level DDoS attacks at the HTTP protocol level, with a shorter response time to intrusions than existing methods and an identical level of accuracy in detecting malicious traffic. The modified method is based on calculating information entropy over new attributes that characterize the application layer. We identified the HTTP request parameters whose analysis indicates low-rate DDoS attacks and derived formulas for calculating their entropy. By implementing the method as middleware for web frameworks, it becomes possible to identify the sources of DDoS attacks on web servers more quickly, including servers that use the HTTPS protocol. The structural and logical organization of the attack detection system is described. The proposed method, based on a microservice architecture, can improve the protection of web servers from DDoS attacks, since the identification time has decreased and the accuracy has increased.
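To illustrate the entropy-based detection the abstract describes, the following is an added example and not the authors' code: it computes the Shannon entropy of the requested path per time window and reports windows that deviate from a baseline, together with the busiest client. The paper's own attributes and formulas are not given on this page, so the attribute (request path), the window size, the tolerance and all sample data are assumptions.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """H = -sum(p * log2(p)) over the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def split_windows(requests, size):
    """Group (timestamp, client, path) records into fixed windows of `size` seconds."""
    buckets = {}
    for ts, client, path in requests:
        buckets.setdefault(int(ts // size), []).append((client, path))
    return [buckets[k] for k in sorted(buckets)]

def detect(requests, size=10, baseline_windows=3, tolerance=0.5):
    """Return (window index, path entropy, busiest client) for each window whose
    path entropy differs from the baseline mean by more than `tolerance` bits.
    Window size, baseline length and tolerance are assumed values."""
    wins = split_windows(requests, size)
    if len(wins) <= baseline_windows:
        return []  # not enough traffic to form a baseline
    ent = [shannon_entropy([path for _, path in w]) for w in wins]
    base = sum(ent[:baseline_windows]) / baseline_windows
    alerts = []
    for i in range(baseline_windows, len(wins)):
        if abs(ent[i] - base) > tolerance:
            busiest, _ = Counter(client for client, _ in wins[i]).most_common(1)[0]
            alerts.append((i, round(ent[i], 3), busiest))
    return alerts

def constructed_traffic(with_attack=True):
    """Constructed sample: four clients rotating over four paths, one request per
    second for 40 s; optionally one extra client requests /search twice a second
    during the last window."""
    clients = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
    paths = ["/", "/login", "/cart", "/search"]
    reqs = [(t, clients[t % 4], paths[t % 4]) for t in range(40)]
    if with_attack:
        reqs += [(30 + i * 0.5, "198.51.100.7", "/search") for i in range(20)]
    return reqs

if __name__ == "__main__":
    for window, entropy, client in detect(constructed_traffic()):
        print(f"window {window}: path entropy {entropy} bits, busiest client {client}")
```

Because the check needs only the decoded request's client address and path, it can run inside a web framework's middleware after TLS termination, which is how the abstract says HTTPS traffic is covered.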

Published

2023-03-27