Detection of Web DenialofService Attacks using decoy hyperlinks - PowerPoint PPT Presentation
1 / 20
Title:
Detection of Web DenialofService Attacks using decoy hyperlinks
Description:
Denial-of-Service (DoS) attack on Web services: Exhaust web ... Simulate web-surfer navigation. Presentation Overview. Web DoS definition. Previous Work ... – PowerPoint PPT presentation
Number of Views:28
Avg rating:3.0/5.0
Title: Detection of Web DenialofService Attacks using decoy hyperlinks
1
Detection of Web Denial-of-Service Attacks using
decoy hyperlinks
- Dimitris Gavrilis (gavrilis_at_upatras.gr),
- Ioannis S. Chatzis (chatzis_at_upatras.gr)
- Evangelos Dermatas (dermatas_at_george.wcl2.ee.upatra
s.gr) - Electrical Computer Engineering Department,
- University of Patras
2
Presentation Overview
- Web DoS definition
- Previous Work
- Decoy Hyperlinks
- Experimental Results
- Conclusions Future Work
3
Web Denial-of-Service Attacks
- Denial-of-Service (DoS) attack on Web services
- Exhaust web servers resources.
- Reduce web servers servicing capacity.
- (Typical web server 100-250 users)
4
Web DoS Categorization
- Type-1
- Request the same page
- Type-2
- Request random page
- Type-3
- Simulate web-surfer navigation
5
Presentation Overview
- Web DoS definition
- Previous Work
- Decoy Hyperlinks
- Experimental Results
- Conclusions Future Work
6
Previous Work
- Use of various thresholds to limit the users
- Connections / IP Address
- Requests / File
- Use of Turing-tests to identify real-users
- Distorted images
7
Thresholds
- If ( OpenFiles( IP_Address , 10 sec ) gt Thr )
Then Block - If ( OpenFiles( File_Name , 15 sec ) gt Thr ) Then
Block - Problems does not work on simulated navigation
(Type-3 attacks).
8
Turing-Tests
- The use of Turing-tests to identify real users is
effective and widely used.
- Problems
- Hard to use (non-personalized web sites).
- Not accessible
9
Presentation Overview
- Web DoS definition
- Previous Work
- Decoy Hyperlinks
- Experimental Results
- Conclusions Future Work
10
Decoy-Hyperlinks
- Hyperlink traps embedded on a web page.
- Invisible to real users.
11
Method Advantages
- Simple Easy to implement.
- Transparent to normal users.
- Works on non-personalized web-sites (does not
require authentication).
12
Requirements
- Use of decoys that minimize false positives.
- Place decoys on a subset of the websites pages
that give a maximum detection probability.
13
Presentation Overview
- Web DoS definition
- Previous Work
- Decoy Hyperlinks
- Experimental Results
- Conclusions Future Work
14
Decoy Examples
- Measured FP rate lt 10-4 (19/45121)
- A few pixels in an image map.
- A hyperlink whose color is the same as the
background of the page. - Hyperlinks with an empty text.
- Hidden tables that include hyperlinks.
15
Decoy Deployment
- Map website to a graph
- Simulation on 1000 random web sites (500 pages).
- Attack consists of 1000 click streams.
16
Decoy Deployment 2
- Three experimentally selection functions.
- Best results
- (decoys 10 ? 0.35 detection prob.)
17
Detection Probability vs Click stream Length
o Len6 Len9 Len12
18
Presentation Overview
- Web DoS definition
- Previous Work
- Decoy Hyperlinks
- Experimental Results
- Conclusions Future Work
19
Conclusions
- A novel very simple method for Web DoS
detection. - Can detect complex Web Attacks
- Once the attacker is detected, its IP address
can be blocked.
20
Future Work
- Dynamic Decoy deployment
- (moving traps).
- Experiments with real data.
- Block Type-3 attacks that use predefined
patterns.
Recommended
CrystalGraphics Presentations
