Mitigation of Random Query String DoS via Gossip

This paper presents a mitigation scheme to cope with the random query string Denial of Service (DoS) attack, which is based on a vulnerability of current Content Delivery Networks (CDNs), a storage technology widely exploited to create reliable large scale distributed systems and cloud computing system architectures. Basically, the attack exploits the fact that edge servers composing a CDN, receiving an HTTP request for a resource with an appended random query string never saw before, ask the origin server for a (novel) copy of the resource. This request to the origin server is made also if the edge server contains a copy of the resource in its storage. Such characteristics can be employed to take an attack against the origin server by exploiting edge servers. In fact, the attacker can send different random query string requests to different edge servers that will overload the origin server with simultaneous (and unneeded) requests. Our strategy is based on the adoption of a simple gossip protocol, executed by edge servers, to detect the attack. Based on such a detection, countermeasures can be taken to protect the origin server, the CDN and thus the whole distributed system architecture against the attack. We provide simulation results that show the viability of our approach.