Mitigation of Application Layer DDoS Flood Attack Against Web Servers

Ahamed Aljuhani, Talal Alharbi, Bradley Taylor


The Application-layer Distributed Denial of Service (App-DDoS) attack is one of the most menacing types of cyber-attacks that circumvent web servers. Since the attackers have developed different techniques and methods, preventing App- DDoS attacks has become more difficult than ever before. One of the most commonly and targeted protocols in the application-layer is HTTP-GET flooding attacks. The attacker sends a large number of HTTP-GET requests from different infected devices to force the server to assign the maximum resources available in response to every single request. The objective of this attack is to exhaust the server’s resources and deny service to the legitimate users. The App-DDoS attacks affect Quality of Service (QoS) and are extremely costly in terms of resource exhaustion. In this paper, we discuss development and testing of an App-DDoS attack detection and mitigation model in order to defend web servers against threats. Our design model employs three principle states: normal, screening and suspicious. The defense model transits between these modes based on the server load. We use Machine Learning (ML) techniques to provide high detection accuracy of App-DDoS attacks. Our experimental results demonstrate that this defense system is effective against App-DDoS attack.

Full Text:



Singh K, Singh P, Kumar K. Application layer HTTP-GET flood DDoS attacks: Research landscape and challenges. Computers & security. 2017 Mar 1;65:344- 72.

Singh K, Singh P, Kumar K. User behavior analytics-based classification of application layer HTTP-GET flood attacks. Journal of Network and Computer Applications. 2018 Jun 15;112:97-114.

Mansfield-Devine S. The growth and evolution of DDoS. Network Security. 2015 Oct 1;2015(10):13-20.

Alharbi, T., Aljuhani, A., Liu, H. and Hu, C., 2017, May. Smart and Lightweight DDoS Detection Using NFV. In Proceedings of the International Conference on Compute and Data Analysis (pp. 220-227). ACM.

Thapngam, T., Yu, S., Zhou, W., and Beliakov, G. 2011. Discriminating DDoS attack traffic from flash crowd through packet arrival patterns. 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS) (2011). DOI: infcomw.2011.5928950

eCommerce web site performance today. An updated look at consumer reaction to a poor online shopping experience. Online, 2012. Available: http://www.damcogroup. com/white papers/ecommerce_website_ perf_wp.pdf

ETSI, “Network functions virtualisation (NFV); Architectural Framework,” vol. 1, pp. 1–21, 2014.

Aljuhani, A. and Alharbi, T., 2017, January. Virtualized network functions security attacks and vulnerabilities. In Computing and Communication Workshop and Conference (CCWC), 2017 IEEE 7th Annual (pp. 1-4). IEEE.

Boro D, Bhattacharyya DK. DyProSD: a dynamic protocol specific defense for high-rate DDoS flooding attacks. Microsystem Technologies. 2017 Mar 1;23(3):593-611.

N. Woolf. “DDoS attack that disrupted internet was largest of its kind in history, experts say” Internet: https://www. ddos-attack-dyn-mirai-botnet, Oct. 26, 2016 [Dec. 2, 2016]

Neustar, “Worldwide DDoS Attacks & Cyber Insights Research Report,” Online, May 2017. [Online]. Available: https:// biz/201705-Security- Solutions-DDoS-SOC-Report-LP.html

Worldwide infrastructure security report. WISR2016_EN_Web.pdf, 12017.

Alharbi, T., Aljuhani, A. and Liu, H., 2017, January. Holistic DDoS mitigation using NFV. In Computing and Communication Workshop and Conference (CCWC), 2017 IEEE 7th Annual (pp. 1-4). IEEE.

ClarkNet-HTTP, contrib/ClarkNet-HTTP.html.

Somani, G., Johri, A., Taneja, M., Pyne, U., Gaur, M.S. and Sanghi, D., 2015, December. DARAC: DDoS mitigation using DDoS aware resource allocation in cloud. In International Conference on Information Systems Security (pp. 263- 282). Springer, Cham.

Singh, K.J. and De, T., 2015, January. DDOS attack detection and mitigation technique based on Http count and verification using CAPTCHA. In Computational Intelligence and Networks (CINE), 2015 International Conference on (pp. 196-197). IEEE.

Devi SR, Yogesh P. An effective approach to counter application layer DDoS attacks. In2012 Third International Conference on Computing, Communication and Networking Technologies (ICCCNT'12) 2012 Jul 26 (pp. 1-4). IEEE.

Wang, Y., Liu, L., Si, C. and Sun, B., 2017. A novel approach for countering application layer DDoS attacks. In IEEE 2nd Advanced Information Technology, Electronic and Automation Control Conference (IAEAC) (pp. 1814-1817).

Le Q, Zhanikeev M, Tanaka Y. Methods of distinguishing flash crowds from spoofed DoS attacks. In2007 Next Generation Internet Networks 2007 May 21 (pp. 167- 173). IEEE.

Beitollahi H, Deconinck G. Connectionscore: a statistical technique to resist application-layer ddos attacks. Journal of Ambient Intelligence and Humanized Computing. 2014 Jun 1;5(3):425-42.

Github, DDoS Attack Tools, 2013. Retrieved from GoldenEye

Kaur H, Behal S, Kumar K. Characterization and comparison of distributed denial of service attack tools. InGreen Computing and Internet of Things (ICGCIoT), 2015 International Conference on 2015 Oct 8 (pp. 1139-1145). IEEE. Orebaugh A, Ramirez G, Beale J. Wireshark & Ethereal network protocol analyzer toolkit. Elsevier; 2006 Dec 18.


  • There are currently no refbacks.