New sensing technique for detecting application layer DDoS attacks targeting back-end database resources

David Beckett; Sakir Sezer; John McCanny

doi:10.1109/ICC.2017.7997376

New sensing technique for detecting application layer DDoS attacks targeting back-end database resources

David Beckett, Sakir Sezer, John McCanny

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

428 Downloads (Pure)

Abstract

Distributed Denial of Service (DDoS) attacks targeting the application layer are becoming more prevalent due to a lack of suitable defence solutions. Existing research treats the web server environment as a black box, by only monitoring the edge network traffic; however, we believe that this approach limits the accuracy of the detection system as it does not protect the back-end database servers. In this paper we propose a new sensor located within the back-end system, which can produce additional database features. This allows for real-time insight into the actual database workload caused by each user enabling the detection of DDoS attacks targeting high database consumption resources. These resource metrics are analysed in real-time on a live website, using a decision tree classification engine. Our preliminary results show that a low rate asymmetric attack as low as 1 request every 10 seconds can be detected using these proposed features.

Original language	English
Title of host publication	2017 IEEE International Conference on Communications (ICC): Proceedings
Publisher	IEEE
Number of pages	7
ISBN (Electronic)	978-1-4673-8999-0
ISBN (Print)	978-1-4673-9000-2
DOIs	https://doi.org/10.1109/ICC.2017.7997376
Publication status	Published - 31 Jul 2017

Publication series

Name	IEEE International Conference on Communications (ICC): Proceedings
Publisher	IEEE
ISSN (Electronic)	1938-1883

Access to Document

10.1109/ICC.2017.7997376Licence: Unspecified

New Sensing Technique for Detecting Application Layer DDoS Attacks Targeting Back-end Database Resources
© 2017 The Authors. This work is made available online in accordance with the publisher’s policies. Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 392 KBLicence: Unspecified

Fingerprint Dive into the research topics of 'New sensing technique for detecting application layer DDoS attacks targeting back-end database resources'. Together they form a unique fingerprint.

Cite this

@inproceedings{eee6a9088b694401b25af6b44cfd862b,

title = "New sensing technique for detecting application layer DDoS attacks targeting back-end database resources",

abstract = "Distributed Denial of Service (DDoS) attacks targeting the application layer are becoming more prevalent due to a lack of suitable defence solutions. Existing research treats the web server environment as a black box, by only monitoring the edge network traffic; however, we believe that this approach limits the accuracy of the detection system as it does not protect the back-end database servers. In this paper we propose a new sensor located within the back-end system, which can produce additional database features. This allows for real-time insight into the actual database workload caused by each user enabling the detection of DDoS attacks targeting high database consumption resources. These resource metrics are analysed in real-time on a live website, using a decision tree classification engine. Our preliminary results show that a low rate asymmetric attack as low as 1 request every 10 seconds can be detected using these proposed features.",

author = "David Beckett and Sakir Sezer and John McCanny",

year = "2017",

month = jul,

day = "31",

doi = "10.1109/ICC.2017.7997376",

language = "English",

isbn = "978-1-4673-9000-2",

series = "IEEE International Conference on Communications (ICC): Proceedings",

publisher = " IEEE ",

booktitle = "2017 IEEE International Conference on Communications (ICC): Proceedings",

}

New sensing technique for detecting application layer DDoS attacks targeting back-end database resources. / Beckett, David; Sezer, Sakir ; McCanny, John.

2017 IEEE International Conference on Communications (ICC): Proceedings. IEEE , 2017. (IEEE International Conference on Communications (ICC): Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - New sensing technique for detecting application layer DDoS attacks targeting back-end database resources

AU - Beckett, David

AU - Sezer, Sakir

AU - McCanny, John

PY - 2017/7/31

Y1 - 2017/7/31

N2 - Distributed Denial of Service (DDoS) attacks targeting the application layer are becoming more prevalent due to a lack of suitable defence solutions. Existing research treats the web server environment as a black box, by only monitoring the edge network traffic; however, we believe that this approach limits the accuracy of the detection system as it does not protect the back-end database servers. In this paper we propose a new sensor located within the back-end system, which can produce additional database features. This allows for real-time insight into the actual database workload caused by each user enabling the detection of DDoS attacks targeting high database consumption resources. These resource metrics are analysed in real-time on a live website, using a decision tree classification engine. Our preliminary results show that a low rate asymmetric attack as low as 1 request every 10 seconds can be detected using these proposed features.

AB - Distributed Denial of Service (DDoS) attacks targeting the application layer are becoming more prevalent due to a lack of suitable defence solutions. Existing research treats the web server environment as a black box, by only monitoring the edge network traffic; however, we believe that this approach limits the accuracy of the detection system as it does not protect the back-end database servers. In this paper we propose a new sensor located within the back-end system, which can produce additional database features. This allows for real-time insight into the actual database workload caused by each user enabling the detection of DDoS attacks targeting high database consumption resources. These resource metrics are analysed in real-time on a live website, using a decision tree classification engine. Our preliminary results show that a low rate asymmetric attack as low as 1 request every 10 seconds can be detected using these proposed features.

U2 - 10.1109/ICC.2017.7997376

DO - 10.1109/ICC.2017.7997376

M3 - Conference contribution

SN - 978-1-4673-9000-2

T3 - IEEE International Conference on Communications (ICC): Proceedings

BT - 2017 IEEE International Conference on Communications (ICC): Proceedings

PB - IEEE

ER -