|Title:||Defending against asymmetric application-layer denial-of-service attacks|
|Subject:||Computer networks -- Security measures; Denial of service attacks; Hong Kong Polytechnic University -- Dissertations|
|Department:||Department of Computing|
|Pages:||xiii, 86 pages : color illustrations|
|Abstract:||Denial of service (DoS) attacks represent the biggest threat to many internet companies. As network-level attack filtering techniques continue to mature and develop, attacks have begun to target the application layer, taking advantage of weaknesses in application implementation or in communication protocol design. The 2019 Cyberthreats and Trends Report from Neustar highlighted that application-layer DoS attacks are evolving into a more complex and sophisticated type. Increasing computational complexity in web applications poses a threat to server resources, e.g. CPU and memory, which gives attackers a leg up. With the rapid development of the Internet, Web applications have become richer and more interactive, giving rise to asymmetric application-layer DoS attacks. With carefully crafted requests and limited bandwidth, these attacks trigger significant resource consumption on the server side, making online services unavailable to legitimate users. Since these application-specific DoS attacks lack distinctive network patterns, existing detection mechanisms are defenseless against them. This thesis aims to propose a method to detect and defend against asymmetric application-layer DoS attacks. We propose a new gray-box fuzzer based on the popular software fuzzer AFL that leverages hardware features to trace the program for feedback. We integrate method-level analysis with fuzz testing to find asymmetric application-layer vulnerabilities. To detect asymmetric application-layer DoS attacks online, we leverage the Linux extended Berkeley Packet Filter technique to instrument resource-intensive functions and key request-processing functions for monitoring. The data collected online is fed to an anomaly detection model for training. We also design an XDP network filter to drop traffic from attackers in the NIC driver. We demonstrate that our method can be integrated with typical servers and applications with very low overhead.|
|Rights:||All rights reserved|
Files in This Item:
|5864.pdf||For All Users (off-campus access for PolyU Staff & Students only)||9.17 MB||Adobe PDF||View/Open|