Characterizing the Impacts of Application Layer DDoS Attacks

Muhui Jiang, Chenxu Wang, Xiapu Luo, Miu Tung Miu, Ting Chen

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

8 Citations (Scopus)

Abstract

Distributed Denial of Service (DDoS) attacks are still among the most urgent threats to the modern Internet. Recently, application layer DDoS attacks against web servers are becoming popular, resulting in great revenue losses to victims. A systematic evaluation on the impacts of different DDoS attack methods is vital for the protection of web servers. In this paper, we examine the impacts of application layer DDoS attacks, including existing attacks against HTTP/1.1 and the new attacks proposed by us against HTTP/2.0. Moreover, to better understand attackers' capabilities of launching severe application layer DDoS attacks, we design a new measurement method to remotely infer the performance of web servers and a method to differentiate dynamic and static URLs. We have collected and tailored 4 existing tools to launch 5 different DDoS attacks against HTTP/1.1 and developed a new DDoS tool to perform 5 different DDoS attacks against HTTP/2.0. By conducting extensive experiments in a testbed with two e-commercial websites running Apache and Nginx, we carefully evaluate the impacts of different DDoS attacks. The results show that the new remote measurement method is able to detect the effects caused by different DDoS attacks. Moreover, the attack impacts are affected by URLs, server architectures, and attack methods.

Original languageEnglish
Title of host publicationProceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017
EditorsShiping Chen, Ilkay Altintas
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages500-507
Number of pages8
ISBN (Electronic)9781538607527
DOIs
Publication statusPublished - 7 Sep 2017
Event24th IEEE International Conference on Web Services, ICWS 2017 - Honolulu, United States
Duration: 25 Jun 201730 Jun 2017

Publication series

NameProceedings - 2017 IEEE 24th International Conference on Web Services, ICWS 2017

Conference

Conference24th IEEE International Conference on Web Services, ICWS 2017
CountryUnited States
CityHonolulu
Period25/06/1730/06/17

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems and Management

Cite this