Giảm thiểu tấn công từ chối dịch vụ phân tán thông qua bộ tiêu giảm lưu lượng

Nguyễn Văn Linh và Đtg Tạp chí KHOA HỌC & CÔNG NGHỆ 135(05): 45 - 48

45

MINIMIZE DISTRIBUTED DENIAL OF SERVICE ATTACK

USING WEB FARM ATTENTUATOR

Nguyen Van Linh1*, Nguyen Lan Huong2

College of Information and Communication Technology - TNU

SUMMARY

After the first DDoS attacks on Web server of the University of Minnesota in the early 90s of last

century, people have realized that this is extremely dangerous tools of hackers, so far with no

preventing effective method.Using botnets to disguise assault with a user's access level to cause

great difficulties for administrators to detect and fend off the attacks are taking place. This paper

introduces a method using smart filter for network traffics to reduce bandwidth DDoS attacks. The

key point of the method is the use of dynamic thresholds evaluated unusual access from zombie

computers as well as an active queue mechanism to aid the process of the legitimate users’ traffic.

The results showed that service clusters can sustain DDoS attacks with the performance of

legitimate access is much better and consequently to cause the attacker to increase his botnet size

as much as possible or costs much more to compensate for the filter installed.

Keywords: Distributed Denial Of Service, Network Security

INTRODUCTION*

Although the web is only over a quarter of a

century,DistributedDenial of Service attacks

were and will still be and the tool of choice

for criminals since the dawn of the

Internet.They are easy, very effective and no

solution to prevent absolutely. Denial of

Service is a logically crude tactic to use when

target systems are bombarded with traffic,

which chokes the targeted networks and

renders them unavailable to users.

According toArbor Networks reports6

, in the

First Half of 2014saw the most volumetric

DDoS attacks ever, with more than 100

events over 100GB/sec reported.In recent

years, the botnettool has came out to be a

popular contributor to unwanted and

malicious Internet traffic.The army of zombie

hosts can open regular TCP sessions and issue

legitimate-like HTTP requests, making a

DDoS attack very difficult to distinguish from

legitimate user’s access. This is the backdrop

for our system, which is designed to protect

Web farms against modern DDoS attacks.

This paper introduces webfarm attentutor: a

novel architecture to attenuate the DDoS

*

Tel : 0985 117 515, Email : [email protected]

attacker’s bandwidth.This method is

asymmetric and only monitorsand protects the

uplink toward the Web farm, which is the

typical bottleneck in DDoS attacks. A key

feature of method is : use active queue

mechanism to evaluate the characteristics of

legitimate upload traffic to favor it over attack

traffic.To combat such sophisticated

attackers, attentuator uses randomized

thresholds that trap and penalize deterministic

zombie traffic that tries to mimic human

client patterns. And target is :attenuatethe

DDoS attack’s bandwidth, and consequently

to cause the attacker to increase his botnet

size as much as possible or costs much more

to compensate for the filter installed.

MODEL

A typical structure of network is depicted in

Figure.1. The Web farm is connected to the

Internet through a filtered Firewall. A real

service is typically leased on a bit/s basis,

with throughput between hundreds of Mbit/s

to a few Gbit/s. From the ISP side, the traffic

goes through routers, firewalls and load

balancers until it reaches the actual servers. It

is quite reasonable to assume that the routers,

internal switches and firewalls are all

provisioned to have sufficient throughput to

Nitro PDF Software

100 Portable Document Lane

Wonderland

Nitro PDF Software

100 Portable Document Lane

Wonderland