WebSOS: Protecting Web Servers From DDoS Attacks

Cook, Debra L.; Morein, William G.; Keromytis, Angelos D.; Misra, Vishal; Rubenstein, Daniel Stuart

We present the WebSOS architecture, a mechanism for countering denial of service (DoS) attacks against web servers. WebSOS uses a combination of overlay networking, content-based routing, and aggressive packet filtering to guarantee access to a service that is targeted by a DoS attack. Our approach requires no modifications to servers or browsers, and makes use of the web proxy feature and TLS client authentication supported by modern browsers. We use a WebSOS prototype to conduct a preliminary performance evaluation both on the local area network and over the Internet using PlanetLab, a testbed for experimentation with network overlays. We determine the end-to-end latency imposed by the architecture to increase by a factor of 5 on average. We conclude that this overhead is reasonable in the context of a determined DoS attack.



Also Published In

ICON 2003 the 11th IEEE International Conference on Networks: Sydney, Australia, September 28-October 1, 2003

More About This Work

Academic Units
Computer Science
Published Here
July 5, 2012