Characterizing the impacts of application layer DDoS attacks

Proceedings of IEEE International Conference on Web Services (ICWS 2017)

Distributed Denial of Service (DDoS) attacks are still among the most urgent threats to the modern Internet. Recently, application layer DDoS attacks against web servers have become popular, resulting in great revenue losses to victims. A systematic evaluation of the impacts of different DDoS attack methods is vital for the protection of web servers. In this paper, we examine the impacts of application layer DDoS attacks, including existing attacks against HTTP/1.1 and new attacks that we propose against HTTP/2.0. Moreover, to better understand attackers’ capabilities for launching severe application layer DDoS attacks, we design a new measurement method to remotely infer the performance of web servers and a method to differentiate dynamic and static URLs. We have collected and tailored 4 existing tools to launch 5 different DDoS attacks against HTTP/1.1 and developed a new DDoS tool to perform 5 different DDoS attacks against HTTP/2.0. By conducting extensive experiments in a testbed with two e-commerce websites running Apache and Nginx, we carefully evaluate the impacts of different DDoS attacks. The results show that the new remote measurement method is able to detect the effects caused by different DDoS attacks. Moreover, the attack impacts are affected by URLs, server architectures, and attack methods.