An Architecture to Mitigate DDoS Attacks on Cloud-Hosted Web Services
Abstract
Distributed Denial of Service (DDoS) attacks are often neglected because they cause only a temporary interruption of the system's normal functioning. With the advent of paradigms like Cloud Computing, mitigating DDoS attacks by giving more resources to the applications has become a feasible alternative, but it entails the Economic DDoS problem. This paper presents an architecture to mitigate DDoS attacks against a Cloud-hosted application. The architecture is based on the idea of instantiating a replica of the application, a simple operation for a Cloud, and redirecting only authentic queries to the new replica. The proposed architecture does not need to identify the attackers and, even so, it lets only authentic traffic through, without the extra overhead and potential categorization errors that could arise when trying to identify the clients.
