WebSOS: Protecting Web Servers From DDoS Attacks

Executive Summary

This paper presents the WebSOS architecture, a mechanism for countering Denial of Service (DoS) attacks against web servers. WebSOS uses a combination of overlay networking, content-based routing, and aggressive packet filtering to guarantee access to a service that is targeted by a DoS attack. The approach requires no modifications to servers or browsers, and makes use of the web proxy feature and TLS client authentication supported by modern browsers. The authors use a WebSOS prototype to conduct a preliminary performance evaluation, both on a local area network and over the Internet using PlanetLab, a testbed for experimentation with network overlays. They find that the architecture increases end-to-end latency by a factor of 5 on average, and conclude that this overhead is reasonable in the context of a determined DoS attack.

