Full metadata record
DC FieldValueLanguage
dc.contributorDepartment of Computingen_US
dc.creatorWu, Shuohan-
dc.publisherHong Kong Polytechnic Universityen_US
dc.rightsAll rights reserveden_US
dc.titleDefending against asymmetric application-layer denial-of-service attacksen_US
dcterms.abstractDenial of service (DoS) attacks represent the biggest threat to many internet companies. As the network-level attacks filtering techniques continue to mature and develop, attacks begin to target at the application layer, taking advantage of the weaknesses in application implementation or in communications protocol design. The 2019 Cyberthreats and Trends Report from Neustar highlighted that the application-layer DoS attacks are evolving into a more complex and sophisticated type. Increasing computational complexities in web applications pose a threat to the server resource, e.g. CPU, memory, which give the attackers a leg up. With the rapid development of the Internet, Web applications become richer and more interactive, bringing Asymmetric application layer DoS attacks into being. With carefully crafted requests and limited bandwidth, these attacks trigger significant resource consumption on the server side, making the online services unavailable to legitimate users. Since these application-specific DoS attacks lack distinctive network patterns, existing detection mechanisms are defenseless in the face of these attacks. This thesis aims to propose a method to detect and defense against asymmetric application layer DoS attacks. We propose a new gray box fuzzer based on the popular software fuzzer AFL that leverages hardware features to trace the program for feedback. We integrate the method level analysis with fuzzing test to find asymmetric application layer vulnerabilities. To detect the asymmetric application layer DoS attacks online, we leverage Linux extended Berkeley Packet Filter technique to instrument resource-intensive functions and key request processing functions for monitoring. The data collected online will be feed to an anomaly detection model for training purpose. We also design an XDP network filter to drop the traffic from attackers in NIC driver. We demonstrate our method can be integrated with typical servers and applications with a very low cost of overhead.en_US
dcterms.extentxiii, 86 pages : color illustrationsen_US
dcterms.isPartOfPolyU Electronic Thesesen_US
dcterms.educationalLevelAll Masteren_US
dcterms.LCSHComputer networks -- Security measuresen_US
dcterms.LCSHDenial of service attacksen_US
dcterms.LCSHHong Kong Polytechnic University -- Dissertationsen_US
dcterms.accessRightsrestricted accessen_US

Files in This Item:
File Description SizeFormat 
5864.pdfFor All Users (off-campus access for PolyU Staff & Students only)9.17 MBAdobe PDFView/Open

Copyright Undertaking

As a bona fide Library user, I declare that:

  1. I will abide by the rules and legal ordinances governing copyright regarding the use of the Database.
  2. I will use the Database for the purpose of my research or private study only and not for circulation or further reproduction or any other purpose.
  3. I agree to indemnify and hold the University harmless from and against any loss, damage, cost, liability or expenses arising from copyright infringement or unauthorized usage.

By downloading any item(s) listed above, you acknowledge that you have read and understood the copyright undertaking as stated above, and agree to be bound by all of its terms.

Show simple item record

Please use this identifier to cite or link to this item: https://theses.lib.polyu.edu.hk/handle/200/11378