Academic Commons

Articles

WebSOS: Protecting Web Servers From DDoS Attacks

Cook, Debra L.; Morein, William G.; Keromytis, Angelos D.; Misra, Vishal; Rubenstein, Daniel Stuart

We present the WebSOS architecture, a mechanism for countering denial of service (DoS) attacks against web servers. WebSOS uses a combination of overlay networking, content-based routing, and aggressive packet filtering to guarantee access to a service that is targeted by a DoS attack. Our approach requires no modifications to servers or browsers, and makes use of the web proxy feature and TLS client authentication supported by modern browsers. We use a WebSOS prototype to conduct a preliminary performance evaluation both on the local area network and over the Internet using PlanetLab, a testbed for experimentation with network overlays. We determine the end-to-end latency imposed by the architecture to increase by a factor of 5 on average. We conclude that this overhead is reasonable in the context of a determined DoS attack.

Subjects

Files

Also Published In

Title
ICON 2003 the 11th IEEE International Conference on Networks: Sydney, Australia, September 28-October 1, 2003
Publisher
IEEE
DOI
https://doi.org/10.1109/ICON.2003.1266234

More About This Work

Academic Units
Computer Science
Published Here
July 5, 2012
Academic Commons provides global access to research and scholarship produced at Columbia University, Barnard College, Teachers College, Union Theological Seminary and Jewish Theological Seminary. Academic Commons is managed by the Columbia University Libraries.