Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

Mitigating Botnet-based DDoS Attacks against Web Servers

Djalaliev, Peter (2013) Mitigating Botnet-based DDoS Attacks against Web Servers. Doctoral Dissertation, University of Pittsburgh. (Unpublished)

Primary Text

Download (2MB) | Preview


Distributed denial-of-service (DDoS) attacks have become wide-spread on the Internet. They continuously target retail merchants, financial companies and government institutions, disrupting the availability of their online resources and causing millions of dollars of financial losses. Software vulnerabilities and proliferation of malware have helped create a class of application-level DDoS attacks using networks of compromised hosts (botnets). In a botnet-based DDoS attack, an attacker orders large numbers of bots to send seemingly regular HTTP and HTTPS requests to a web server, so as to deplete the server's CPU, disk, or memory capacity.

Researchers have proposed client authentication mechanisms, such as CAPTCHA puzzles, to distinguish bot traffic from legitimate client activity and discard bot-originated packets. However, CAPTCHA authentication is vulnerable to denial-of-service and artificial intelligence attacks. This dissertation proposes that clients instead use hardware tokens to authenticate in a federated authentication environment. The federated authentication solution must resist both man-in-the-middle and denial-of-service attacks. The proposed system architecture uses the Kerberos protocol to satisfy both requirements. This work proposes novel extensions to Kerberos to make it more suitable for generic web authentication.

A server could verify client credentials and blacklist repeated offenders. Traffic from blacklisted clients, however, still traverses the server's network stack and consumes server resources. This work proposes Sentinel, a dedicated front-end network device that intercepts server-bound traffic, verifies authentication credentials and filters blacklisted traffic before it reaches the server. Using a front-end device also allows transparently deploying hardware acceleration using network co-processors. Network co-processors can discard blacklisted traffic at the hardware level before it wastes front-end host resources.

We implement the proposed system architecture by integrating existing software applications and libraries. We validate the system implementation by evaluating its performance under DDoS attacks consisting of floods of HTTP and HTTPS requests.


Social Networking:
Share |


Item Type: University of Pittsburgh ETD
Status: Unpublished
CreatorsEmailPitt UsernameORCID
ETD Committee:
TitleMemberEmail AddressPitt UsernameORCID
Thesis AdvisorLee, Adam J.adamlee@cs.pitt.eduADAMLEE
Committee MemberZhang, Youtaozhangyt@cs.pitt.eduYOUTAO
Committee MemberMossé, Danielmosse@cs.pitt.eduMOSSE
Committee MemberKrishnamurthy, PRASHK
Date: 1 October 2013
Date Type: Publication
Defense Date: 15 July 2013
Approval Date: 1 October 2013
Submission Date: 16 August 2013
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Number of Pages: 140
Institution: University of Pittsburgh
Schools and Programs: Dietrich School of Arts and Sciences > Computer Science
Degree: PhD - Doctor of Philosophy
Thesis Type: Doctoral Dissertation
Refereed: Yes
Uncontrolled Keywords: DDoS, botnets, hardware tokens, federated authentication, Kerberos, RSA SecurID
Date Deposited: 01 Oct 2013 14:02
Last Modified: 15 Nov 2016 14:14


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item