Paper Title:
A Defensive OTP-Based Mechanism against Application Layer DDoS Attacks
  Abstract

In this paper, we present the design and implementation of OTP-DEF, a kernel extension to protect web servers against application layer DDoS attacks. OTP-DEF provides authentication by using OTP-based tests, which is different from other systems that use graphical tests. First of all, according to the load of web server, an OTP-DEF web-server should fall into one of three following modes: normal, suspected attack or confirmed attack mode, and the OTP-DEF authentication mechanism shall only be activated when web-server is in suspected attack mode. Secondly, we use OTP as our puzzle, which can automatically change at the certain time interval. It makes our proposal can defend socially-engineered attack, copy attacks, replay attacks and Brute-Force Attack. Thirdly, OTP-DEF uses an intermediate stage to identify the IP addresses that ignore the test, and persistently bombard the server with requests despite repeated failures at solving the puzzles. These machines are zombies because their intent is to congest the server. Once these machines are identified, OTP-DEF blocks their requests, turns the tests off, and allows access to legitimate users who are unable or unwilling to solve tests. Finally, OTP-DEF requires no modifications to client software.

  Info
Periodical
Key Engineering Materials (Volumes 480-481)
Edited by
Yanwen Wu
Pages
769-774
DOI
10.4028/www.scientific.net/KEM.480-481.769
Citation
X. Ye, W. S. Wen, Y. R. Ye, "A Defensive OTP-Based Mechanism against Application Layer DDoS Attacks", Key Engineering Materials, Vols. 480-481, pp. 769-774, 2011
Online since
June 2011
Export
Price
$32.00
Share

In order to see related information, you need to Login.

In order to see related information, you need to Login.

Authors: Hai Lang Liu, Xiao Hu Liu
Abstract:At present the application layer in the network data transmission and expression of the most widely used protocol is Http protocol, embedded...
2856
Authors: Xing Xing Feng, Yan Peng, Yi Long Zhao
Abstract:Botnet is a kind of computer clusters which hackers have controlled by one to many command channels for malicious purposes. Using a botnet,...
575
Authors: Yan Shen Chen, De Zhi Han
Chapter 12: Computer-Aided Design, Manufacturing and Engineering
Abstract:To solve the data security issue in intranet massive storage system, a Multi-Protocol Secure File System ( for short MPSFS) is designed....
4704
Authors: Qi Feng Shao, Tian Chi Yang, Wei Hou
Chapter 18: Communication Technology and Network Security
Abstract:Single sign-on system could satisfy with the requirement of the multiple authentication in different applications, and implement unified...
2411
Authors: Lin Chen, Zhi Yi Fang, Hong Bin Wang, Rui Yang
Chapter 10: Applied Computing and Information Technologies
Abstract:Load balancing problems play a special role in the operation of parallel and distribution systems. The core technology of load balancing is...
2241