• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Vulnerable Path Attack and its Detection


Abstract

Application-layer Distributed Denial-of-Service (DDoS) attack is one of the leading security problems in the Internet. In recent years, the attack strategies of application-layer DDoS have rapidly developed. This paper introduces a new attack strategy named Path Vulnerabilities-Based (PVB) attack. In this attack strategy, an attacker first analyzes the contents of web pages and subsequently measures the actual response time of each webpage to build a web-resource-weighted-directed graph. The attacker uses a Top M Longest Path algorithm to find M DDoS vulnerable paths that consume considerable resources when sequentially accessing the pages following any of those paths. A detection mechanism for such attack is also proposed and discussed. A finite-state machine is used to model the dynamical processes for the state of the user’s session and monitor the PVB attacks. Numerical results based on real-traffic simulations reveal the efficiency of the attack strategy and the detection mechanism.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Chuyu She, Wushao Wen, Quanqi Ye and Kesong Zheng, "Vulnerable Path Attack and its Detection," KSII Transactions on Internet and Information Systems, vol. 11, no. 4, pp. 2149-2170, 2017. DOI: 10.3837/tiis.2017.04.018

[ACM Style]
She, C., Wen, W., Ye, Q., and Zheng, K. 2017. Vulnerable Path Attack and its Detection. KSII Transactions on Internet and Information Systems, 11, 4, (2017), 2149-2170. DOI: 10.3837/tiis.2017.04.018