Title

A Study of Defense Techniques Against Browser-Based Distributed Denial-of-Service Attacks

Parallel title

Mitigating Browser-Based Distributed Denial of Service

Author

劉祉君(Chih Chun Liu)

Keywords

Distributed denial-of-service attack ; browser-based distributed denial-of-service attack ; Distributed Denial of Service ; Browser-based DDoS

Journal

資訊安全通訊

Volume and issue / publication date

Vol. 24, No. 1 (2018 / 01 / 01)

Pages

1 - 17

Language of content

Traditional Chinese

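Chinese abstract

In recent years, distributed denial-of-service (DDoS) attacks have continued to occur one after another, for example the roughly 620Gbit/s DDoS attack launched in 2016 by the Mirai botnet through the IoT devices it controlled, and the 2017 DDoS attack on Taiwanese securities brokerages by a hacker group calling itself Armada Collective. In addition, more and more new types of DDoS attack techniques have appeared, such as the 2015 incident in which The Great Cannon attacked Github. This technique uses the browser to execute malicious JavaScript so that web pages continuously send HTTP requests to the victim website, and it can easily launch attacks on a larger scale than ordinary DDoS. Because this special form of DDoS differs in many ways from ordinary DDoS, in this report we give an in-depth introduction to this browser-based DDoS attack (Browser-Based DDoS), discuss how defenses against it differ from ordinary DDoS defenses, and analyze and compare the defenses that have been proposed so far. Finally, we explore the future challenges and bottlenecks in defending against this attack, to serve as a reference for subsequent research in this technical area.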

English abstract

Distributed Denial of Service (DDoS) attacks have continued to threaten the Internet in recent years. For example, the Mirai IoT botnet launched an unprecedented 620Gbit/s DDoS attack in 2016, and in 2017 a DDoS threat was made against several brokerages in Taiwan by a self-proclaimed group of cybercriminals calling themselves Armada Collective. In addition, new DDoS attack methods have appeared and rendered existing defenses ineffective. A blatant example is China's Great Cannon, first observed in 2015. By injecting malicious JavaScript into the web browsers of unwitting users, this attack caused thousands of HTTP requests per second to be sent to victim sites, and its special attack method makes it easy to scale up the attack volume. Because such browser-based DDoS attacks exhibit several distinct features compared to previous DDoS attacks, we argue that a systematic investigation of traditional DDoS mitigation techniques against browser-based DDoS attacks is needed. Hence, in this survey paper, we introduce browser-based DDoS attacks and examine potential mitigation techniques against such attacks. The aim of this survey is to gain insight into current research on defenses against this attack by analyzing their effectiveness. This survey also discusses various technical challenges that need to be addressed and provides recommendations for future research directions.

Subject classification: Basic and Applied Sciences > Information Science
References
  1. https://code.google.com/archive/p/browsersec/wikis/Part2.wiki#Same-origin_policy
  2. https://blog.cloudflare.com/mobile-ad-networks-as-ddos-vectors/
  3. http://www.caida.org/home/
  4. http://www.theregister.co.uk/2015/03/27/github_under_fire_from_weaponized_great_firewall/
  5. Agrawall, A., Chaitanya, K., Agrawal, A. K., Choppella, V. (2017). Mitigating Browser-based DDoS Attacks using CORP. Proceedings of the 10th Innovations in Software Engineering Conference.
  6. Braun, F., Akhawe, D., Weinberger, J., West, M. (2014). Subresource integrity. W3C working draft.
  7. Gupta, B. B., Badve, O. P. Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment. Neural Computing and Applications, 28(12), 3655-3682.
  8. Kesteren, A. V. (2010). Cross-Origin Resource Sharing. W3C Working Draft, Version WD-cors20100727.
  9. Marczak, B., Weaver, N., Dalek, J., Ensafi, R., Fifield, D., McKune, S., Rey, A., Railton, J. S., Deibert, R., Paxson, V. (2015). An analysis of China's "Great Cannon". FOCI.
  10. Mirkovic, J., Peter, R. (2004). A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Computer Communication Review, 34(2), 39-53.
  11. Oh, S., Bae, H., Yoon, S., Kim, H., Cha, Y. (2016). Malicious Script Blocking Detection Technology Using a Local Proxy. 2016 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS).
  12. Pellegrino, G., Rossow, C., Ryba, F. J., Schmidt, T. C., Wählisch, M. (2015). Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics. WOO
  13. Yoon, S., Choo, H. L., Bae, H., Kim, H. (2016). Behavior-Based Detection for Malicious Script-Based Attack. International Conference on Computer Science and its Applications, Singapore:
Cited by
  1. 陳仕弘 (2023). A Discussion of Information Security Threats and Governance Policy. 管理資訊計算, 12(Special Issue 1), 1-12.