Sustaining Availability of Web Services under Severe Denial of Service Attacks
Denial of service (DoS) is one of the most difficult security problems to address. While most existing techniques (e.g., IP traceback) focus on tracing the location of the attackers after the fact, little has been done to mitigate the effect of an attack while it is raging. We design a system that can sustain the availability of web services during severe DoS attacks. We observe that one of the major difficulties in doing this is that packets sent by attackers (bad traffic) can be completely indistinguishable from packets sent by legitimate users (good traffic), forcing a large percentage of good traffic to be dropped as a consequence. We develop a protocol that can effectively separate these two types of traffic in a statistical sense, and this separation process is secure and robust against various attacks. Therefore, by provisioning adequate resources (e.g., bandwidth) to the "good traffic" separated by this process, we are able to provide fairly good service to a large percentage of users even during severe DoS attacks. For example, during an attack where the incoming traffic rate is 5 times as high as the link rate (i.e., 80 percent of traffic has to be dropped), the system can continue to serve 59 percent of users, with only a 39 percent increase in the average end-to-end download time of web pages. In comparison, without such a defense, no user would receive any service due to the long retransmission timeouts caused by the heavy packet loss. Our system and protocol are completely compatible with the HTTP (and HTTPS) protocols and do not require any modification to web server or client software.