Web Application DDOS Attacks Mitigation Using Resources Monitoring /
Mohamed Aly Mohamed
Web Application DDOS Attacks Mitigation Using Resources Monitoring / Mohamed Aly Mohamed - 2017 - 107 p. ill. 21 cm.
Supervisor: Nashwa Abd El-Baki
Thesis (M.A.)—Nile University, Egypt, 2017.
"Includes bibliographical references"
Contents:
1 Introduction
1.1 Research Motivation
1.2 Thesis Outline and Structure
1.3 Approach and Methods
2 DDoS Background
2.1 Network Based DoS Attack
2.1.1 TCP Syn Flood Attack
2.1.2 ICMP Attacks
2.1.3 UDP Flooding-Based DoS Attack
2.2 Application Layer Attacks
2.2.1 Difference Between Layer 3-4 and Layer 7 Attacks
2.2.2 Application Layer Attack Vulnerable Systems
2.2.3 Application Layer Attack Types
2.2.4 Application Layer Attack Methods
Slowloris HTTP Attack
Slow HTTP Post Attack
Servers Vulnerability
Slow Read DoS Attack
General Mitigation for Slow Attacks
Apache Specific Rules
HTTP Flood Attack
Server Vulnerability
Attack Mitigation
2.3 Diversionary DoS Attacks
3 Related Work
4 Analysis of Attack Effects on Server Resources
4.1 Effects on Server Resources
4.1.1 Effects of DDoS on CPU Usage
4.1.2 Effects of DoS Attack on Memory Usage
4.1.3 Effects of DDoS Attack on Number of Concurrent Connections
4.1.4 Effects of DDoS Attack on Server Response Time
4.1.5 Results
4.2 Creating Attack Profile Based on The Attack Effects
4.2.1 HTTP Flood - HTTP Slowloris Attack CPU Effects
4.2.2 HTTP Flood - HTTP Slowloris Attack Memory Effects
4.2.3 HTTP Flood - HTTP Slowloris Number of Concurrent Connection Effects
4.2.4 HTTP Flood - HTTP Slowloris Response Time Effects
4.2.5 Results
4.3 Testing Current Mitigation Techniques
4.3.1 Testing Mod_Requirements
4.3.2 Testing Mod_Security
4.3.3 Results
4.4 Summary
5 Using Resource Monitoring Concept in The Proposed Approaches
5.1 Apache Multi Processing Module
5.2 Server Concurrent Connections
5.3 Server Memory
5.4 Server Backlog
5.5 Monitor Server CPU and Response Time
6 Proposed Mitigation Approaches
6.1 Reduced Database Version of The Web Application Technique
6.1.1 System Implementation and Lab Setup
6.1.2 Testing
6.2 Smart Load Balancing Technique
6.2.1 System Implementation and Lab Setup
6.2.2 Testing
7 Results and Discussion
8 Conclusions and Future Work
8.1 Conclusions
8.2 Future Work
References
Abstract:
Denial of Service attacks are one of the most annoying day-to-day challenges for
any security expert and IT professional. This is due to the nature of the attack.
The attacks can be run against any kind of network resource, whether exposed
to the Internet or internal to a corporate network, regardless of the type of
service it provides and its role in the network.
There is no one complete solution or unified framework method against this type
of attack. The most dangerous type of DoS attack is the DDoS type, in which the
attack flows from many sources at the same time. In the context of DDoS attack
mitigation, detection mechanisms are the first step.
Mechanisms like IPS and firewalls are not effective because of the current
challenging DDoS attack methods against the Application Layer. The attackers use
a vulnerability in the application itself to disrupt the service it provides. Current
mitigation techniques depend on preventing the attack traffic from reaching web
servers.
In this thesis, we focus on HTTP Application Layer DDoS attacks against web
servers. We analyze and demonstrate the effects of DDoS attacks on the
server resources that are related to the web service and how they can interrupt or
disable the service. We propose a new approach to mitigation that depends on
absorbing the attack effects on the web server and increases the server's resistance
against DDoS attacks.
Text in English, abstracts in English.
Information Security
Dissertation, Academic
658