Article: DDoS protection as a service: hiding behind the giants Journal: International Journal of Computational Science and Engineering (IJCSE) 2014 Vol.9 No.4 pp.292 - 300 Abstract: Distributed denial of service (DDoS) attacks constitute an ever growing threat to the internet due to the scale of these attacks and the difficulty of mitigating them. In this paper, we propose a CDN-based DDoS protection service to counter attacks targeting application layer of web servers. These attacks mimic flash crowd events by using large size botnets to generate high volume requests to get certain object(s) from the target. The proposed scheme, called Hideme, leverages the already-deployed, highly available, and distributed massive infrastructure of CDNs to provide protection against DDoS attacks. A website subscribing to this service can hide behind the DDoS protection provider when it becomes under attack. To achieve this goal, Hideme combines the idea of using CAPTCHA by CDN edge servers to distinguish humans from bots and the idea of migration to a secret IP address during the attack period. We evaluate the proposed scheme through extensive experiments over Planetlab. Our results show that the proposed scheme exhibits better performance in terms of effective download throughput while blocking malicious requests. Inderscience Publishers - linking academia, business and industry through research

Title: DDoS protection as a service: hiding behind the giants

Authors: Zakaria Al-Qudah; Basheer Al-Duwairi; Osama Al-Khaleel

Addresses: Department of Computer Engineering, Yarmouk University, Irbid 21163, Jordan ' Department of Network Engineering and Security, Jordan University of Science and Technology, Irbid 22110, Jordan ' Department of Computer Engineering, Jordan University of Science and Technology, Irbid 22110, Jordan

Abstract: Distributed denial of service (DDoS) attacks constitute an ever growing threat to the internet due to the scale of these attacks and the difficulty of mitigating them. In this paper, we propose a CDN-based DDoS protection service to counter attacks targeting application layer of web servers. These attacks mimic flash crowd events by using large size botnets to generate high volume requests to get certain object(s) from the target. The proposed scheme, called Hideme, leverages the already-deployed, highly available, and distributed massive infrastructure of CDNs to provide protection against DDoS attacks. A website subscribing to this service can hide behind the DDoS protection provider when it becomes under attack. To achieve this goal, Hideme combines the idea of using CAPTCHA by CDN edge servers to distinguish humans from bots and the idea of migration to a secret IP address during the attack period. We evaluate the proposed scheme through extensive experiments over Planetlab. Our results show that the proposed scheme exhibits better performance in terms of effective download throughput while blocking malicious requests.

Keywords: DDoS protection; distributed DoS; denial of service; DDoS attacks; content distribution networks; CDNs; CAPTCHA; network security; download throughput; malicious requests.

DOI: 10.1504/IJCSE.2014.060711

International Journal of Computational Science and Engineering, 2014 Vol.9 No.4, pp.292 - 300

Received: 17 Feb 2012
Accepted: 31 Mar 2012
Published online: 24 May 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: DDoS protection as a service: hiding behind the giants

Keep up-to-date