
A Protection System Against HTTP Flood Attacks Using Software Defined Networking

Bibliographic Details
Published in: Journal of network and systems management 2023-03, Vol.31 (1), p.16, Article 16
Main Authors: Gonçalves, Diego S. M., Couto, Rodrigo S., Rubinstein, Marcelo G.
Format: Article
Language: English
Description
Summary: HyperText Transfer Protocol (HTTP) Flood Distributed Denial-of-Service attacks use a set of infected nodes in a botnet to overload a web server. This article proposes a protection system against these attacks based on Software Defined Networking (SDN). Our system provides a simple challenge to detect attackers. When a request arrives for a given application, our system sends an HTTP redirection message to the client. This message instructs the client to use the actual Web application’s IP address. Hence, assuming that botnet nodes do not implement the complete HTTP protocol, they will not follow this redirection. As requests from botnets will not reach the application, only legitimate clients will access the protected server. This approach allows the system to differentiate attackers’ IP addresses from legitimate clients’ IPs. Consequently, the system inserts SDN flow rules to block future requests from attackers. Our proposal reduces the load of an attacked Autonomous System (AS) using the collaboration of other ASes. The idea is that when the application is under attack, the system redirects the requests to the collaborating ASes. Hence, legitimate clients follow the redirection and access the web application through the collaborating AS. We evaluate the system using Mininet. The results show that the attacked AS’s SDN Controller can reduce its CPU consumption by 65.32% when six collaborating ASes are used. Also, when under attack, the system reduces the latency perceived by the clients from 6 s to approximately 0.4 s.
ISSN: 1064-7570, 1573-7705
DOI: 10.1007/s10922-022-09704-1