Securely Hiding the Real Servers from DDoS Floods

Distributed denial of service (DDoS) attacks remain one of the largest concerns for online businesses. Although an HTTPS-compatible scheme is necessary for many online services, several previously proposed defense schemes fail to combine HTTPS compatibility with practicality. In this...

Bibliographic details
Main authors: Eid, Mohamad Samir A; Aida, Hitoshi
Format: Conference proceedings
Language: eng ; jpn
container_end_page 168
container_start_page 165
creator Eid, Mohamad Samir A
Aida, Hitoshi
description Distributed denial of service (DDoS) attacks remain one of the largest concerns for online businesses. Although an HTTPS-compatible scheme is necessary for many online services, several previously proposed defense schemes fail to combine HTTPS compatibility with practicality. In this paper, a novel defense architecture that blocks malicious traffic far from the protected servers is proposed. Protected servers are hidden inside a secure overlay network only accessible through a set of access-nodes (AN) with rate limiting and access control functionalities. Protected servers are required to provide at least one dummy public server as an initial connection step point. An experimental prototype is implemented and tested. Results show system compatibility with the needs of e-commerce websites; the AN impact on the protected server performance is less than 10% reduction in file transfer throughput; and the public server could survive attack rates more than 10 times higher than an ordinary server. Through discussion we demonstrate the system's ability to protect the servers' resources from all attack types without sacrificing data integrity or confidentiality. To the best of our knowledge, we offer the first practical DDoS protection scheme fully compatible with HTTPS.
doi_str_mv 10.1109/SAINT.2010.62
format Conference Proceeding
identifier ISBN: 1424475260
ispartof 2010 10th IEEE/IPSJ International Symposium on Applications and the Internet, 2010, p.165-168
language eng ; jpn
recordid cdi_ieee_primary_5598153
source IEEE Electronic Library (IEL) Conference Proceedings
subjects access control
Computer crime
DDoS protection
e-commerce
Floods
internet security
IP networks
privacy
Protocols
Prototypes
Web server
title Securely Hiding the Real Servers from DDoS Floods
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-08T12%3A41%3A04IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Securely%20Hiding%20the%20Real%20Servers%20from%20DDoS%20Floods&rft.btitle=2010%2010th%20IEEE/IPSJ%20International%20Symposium%20on%20Applications%20and%20the%20Internet&rft.au=Eid,%20Mohamad%20Samir%20A&rft.date=2010-07&rft.spage=165&rft.epage=168&rft.pages=165-168&rft.isbn=1424475260&rft.isbn_list=9781424475261&rft_id=info:doi/10.1109/SAINT.2010.62&rft_dat=%3Cieee_6IE%3E5598153%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&rft.eisbn=1424475279&rft.eisbn_list=0769541070&rft.eisbn_list=9781424475278&rft.eisbn_list=9780769541075&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=5598153&rfr_iscdi=true