Preventing Internet Denial-of-Service with Capabilities
M. Bhasker1 and K. Srinivas2
Sri Chaitanya College of Engineering, Karim nagar, Andhra Pradesh, A.P.
The web is a complicated graph, with millions of websites interlinked together. In this paper, we propose to use this web site graph structure to mitigate flooding attacks on a website, using a new web referral architecture for privileged service (“WRAPS”). WRAPS allows a legitimate client to obtain a privilege URL through a simple click on a referral hyperlink, from a website trusted by the target website. Using that URL, the client can get privileged access to the target website in a manner that is far less vulnerable to a distributed denial-of-service (DDoS) flooding attack than normal access would be. WRAPS does not require changes to web client software and is extremely lightweight for referrer websites, which makes its deployment easy. The massive scale of the web site graph could deter attempts to isolate a website through blocking all referrers. We present the design of WRAPS, and the implementation of a prototype system used to evaluate our proposal. Our empirical study demonstrates that WRAPS enables legitimate clients to connect to a website smoothly in spite of a very intensive flooding attack, at the cost of small overheads on the website’s ISP’s edge routers. We discuss the security properties of WRAPS and a simple approach to encourage many small websites to help protect an important site during DoS attacks.
Index Terms — Denial of service, WRAPS, web sitegraph, capability.
International eJournal of Mathematical Sciences, Technology and Humanities
Volume 2, Issue 5, Pages: 860 - 884