Advanced Random Time Queue Blocking for Effective Protection of Application Servers Against Low-Rate DoS Attacks

10.6633/IJNS.201711.19(6).19

R. Kavitha；G. Padmavathi

ARTQB ； IRTQB ； Low-rate Denial-of-Service (LDoS) ； RTQB ； Spatial Similarity Metric (SSM)

International Journal of Network Security

19卷6期（2017 / 11 / 01）

1024 - 1035

英文

Low-rate traffic denial-of-service (DoS) attacks are a strategy to deny services of a network by detecting the vulnerabilities in the application behaviors. The low- rate DoS attack against the application servers is considered in this paper with the motive to develop an efficient defense technique against the low-rate DoS attack. Among different defense techniques, the Improved Random Time Queue Blocking (IRTQB) performs better than other methods. IRTQB performs similar to Random Time Queue Blocking (RTQB), but it selectively chooses the blocking interval requests only from the potential attackers and discards them. However, the differentiation of the attacker requests from the legitimate users' is not al- ways efficient as only the source IP addresses and the record timestamp are considered. This can be improved when considering more complex set of features. Hence, in this paper, the Advanced Random Time Queue Blocking (ARTQB) scheme is proposed by additionally employing Bandwidth utilization of attacker and legitimate user in IRTQB. ARTQB defines Spatial Similarity Metric (SSM) between the requests in terms of source IP addresses, the record timestamp and the bandwidth. Thus the defense of the application server against the low-rate DoS attack is be improved than IRTQB. Experimental results show that the proposed ARTQB performs better protection of Low-Rate DoS Attack against Application Servers (LoR- DAS) by reducing the attack efficiency and attack impact on the server.