
Mitigation of Random Query String DoS via Gossip

S. Ferretti
2012

Abstract

This paper presents a mitigation scheme to cope with the random query string Denial of Service (DoS) attack, which is based on a vulnerability of current Content Delivery Networks (CDNs), a storage technology widely used to create reliable large-scale distributed systems and cloud computing system architectures. The attack exploits the fact that an edge server of a CDN, on receiving an HTTP request for a resource with an appended random query string it has never seen before, asks the origin server for a (new) copy of the resource. This request to the origin server is made even if the edge server already holds a copy of the resource in its storage. This behaviour can be used to mount an attack against the origin server through the edge servers: the attacker can send different random query string requests to different edge servers, which will then overload the origin server with simultaneous (and unneeded) requests. Our strategy is based on the adoption of a simple gossip protocol, executed by the edge servers, to detect the attack. Based on this detection, countermeasures can be taken to protect the origin server, the CDN and thus the whole distributed system architecture against the attack. We provide simulation results that show the viability of our approach.
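
The following is an added example, not code from the paper: a small simulation of why detection needs gossip, since each edge server's own count of origin fetches stays below an alarm threshold while the CDN-wide total exceeds it. The abstract gives no protocol details, so the `Edge` class, the push-pull count exchange, the threshold, the sample path and the constructed traffic are all assumptions.

```python
import random

class Edge:
    """CDN edge server counting origin fetches caused by unseen query strings."""
    def __init__(self, name):
        self.name = name
        self.seen = set()          # (path, query) pairs already fetched once
        self.view = {name: {}}     # edge name -> {path: fetch count}, merged by gossip

    def request(self, path, query):
        """Return True if the request forces a fetch from the origin server."""
        if (path, query) in self.seen:
            return False
        self.seen.add((path, query))
        own = self.view[self.name]
        own[path] = own.get(path, 0) + 1
        return True

    def gossip_with(self, peer):
        """Push-pull exchange: each side keeps the highest count known per edge."""
        for src, dst in ((self, peer), (peer, self)):
            for edge, counts in src.view.items():
                known = dst.view.setdefault(edge, {})
                for path, n in counts.items():
                    known[path] = max(known.get(path, 0), n)

    def estimate(self, path):
        """CDN-wide origin fetches for path, as far as this edge has learned."""
        return sum(counts.get(path, 0) for counts in self.view.values())

def simulate(n_edges=8, per_edge=30, threshold=100, seed=1, max_rounds=50):
    """Return (any_local_alarm, rounds until every edge's estimate > threshold)."""
    rng = random.Random(seed)
    path = "/img/logo.png"         # constructed sample resource (assumption)
    edges = [Edge(f"edge{i}") for i in range(n_edges)]
    for e in edges:                # constructed traffic: unique query per request
        for i in range(per_edge):
            e.request(path, f"r={e.name}-{i}")
    local_alarm = any(e.view[e.name][path] > threshold for e in edges)
    for rounds in range(1, max_rounds + 1):
        for e in edges:            # each edge contacts one random peer per round
            e.gossip_with(rng.choice([p for p in edges if p is not e]))
        if all(e.estimate(path) > threshold for e in edges):
            return local_alarm, rounds
    return local_alarm, None

if __name__ == "__main__":
    print(simulate())
```

With the defaults, each edge sees only 30 forced fetches against a threshold of 100, so no edge raises an alarm on local data alone; once the per-edge counts have been exchanged, every edge's estimate crosses the threshold.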

Use this identifier to cite or link to this document: https://hdl.handle.net/11576/2679057