Abstract
This paper presents a mitigation scheme for the random query string Denial of Service (DoS) attack, which relies on a vulnerability of current Content Delivery Networks (CDNs), a storage technology widely used to build reliable large-scale distributed systems and cloud computing architectures. The attack exploits the fact that an edge server of a CDN, on receiving an HTTP request for a resource with an appended random query string it has never seen before, asks the origin server for a (new) copy of the resource. It does so even if it already holds a copy of the resource in its storage. This behaviour can be used to mount an attack against the origin server through the edge servers: the attacker sends different random query string requests to different edge servers, which then overload the origin server with simultaneous (and unneeded) requests. Our strategy is based on a simple gossip protocol, executed by the edge servers, to detect the attack. Once the attack is detected, countermeasures can be taken to protect the origin server, the CDN, and thus the whole distributed system architecture. We provide simulation results that show the viability of our approach.
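The detection idea can be illustrated with a small simulation. This is an added example, not the authors' protocol or simulator: it shows why per-edge counters alone miss the attack while gossiped counters reveal it. The `Edge` model, the max-merge of counters, the threshold and the constructed `/logo.png` traffic are all assumptions made for this sketch.

```python
import random

class Edge:
    """Simplified CDN edge server (assumed model, not the paper's simulator)."""
    def __init__(self, name):
        self.name = name
        self.cache = {}   # path -> set of query strings already stored here
        self.view = {}    # (edge name, path) -> redundant origin fetches

    def handle(self, path, query=""):
        """Serve one request; return True if the origin had to be contacted."""
        seen = self.cache.setdefault(path, set())
        if query in seen:
            return False
        if seen:  # resource already held, yet the unseen query string forces a fetch
            self.view[(self.name, path)] = self.view.get((self.name, path), 0) + 1
        seen.add(query)
        return True

    def merge(self, other_view):
        # Counters only grow, so a per-edge max merges views without double counting.
        for key, count in other_view.items():
            self.view[key] = max(self.view.get(key, 0), count)

    def estimate(self, path):
        """Redundant origin fetches for path, summed over all edges known so far."""
        return sum(c for (_, p), c in self.view.items() if p == path)

def gossip_round(edges, rng):
    """Each edge does one push-pull view exchange with a random peer."""
    for edge in edges:
        peer = rng.choice([e for e in edges if e is not edge])
        edge.merge(peer.view)
        peer.merge(edge.view)

def rounds_until_all_detect(edges, path, threshold, rng, max_rounds=60):
    for rnd in range(1, max_rounds + 1):
        gossip_round(edges, rng)
        if all(e.estimate(path) >= threshold for e in edges):
            return rnd
    return None  # not detected within max_rounds

def build_scenario(n_edges=6, per_edge=5):
    """Constructed traffic: each edge caches /logo.png, then gets unseen query strings."""
    edges = [Edge(f"edge{i}") for i in range(n_edges)]
    fetches = sum(e.handle("/logo.png", q) for e in edges
                  for q in [""] + [f"r={e.name}-{i}" for i in range(per_edge)])
    return edges, fetches
```

With a threshold of 20, no edge flags anything from its own five redundant fetches; only the merged view crosses the threshold.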
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ferretti, S., Ghini, V. (2012). Mitigation of Random Query String DoS via Gossip. In: Dua, S., Gangopadhyay, A., Thulasiraman, P., Straccia, U., Shepherd, M., Stein, B. (eds) Information Systems, Technology and Management. ICISTM 2012. Communications in Computer and Information Science, vol 285. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29166-1_11
DOI: https://doi.org/10.1007/978-3-642-29166-1_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29165-4
Online ISBN: 978-3-642-29166-1
eBook Packages: Computer Science, Computer Science (R0)