One-time Session Key based HTTP DDoS Defense Mechanisms

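  • Sang-Yong Choi (Cyber Security Research Center, KAIST);
  • Ik-Seon Kang (Cyber Security Research Center, KAIST);
  • Yong-Min Kim (Major in Electronic Commerce, Division of Culture Contents, Chonnam National University)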
  • Received : 2013.07.09
  • Accepted : 2013.08.02
  • Published : 2013.08.30

Abstract

DDoS attacks have become a social threat since the 7.7 DDoS turmoil of 2009. Although a variety of defense techniques are being developed against these threats, the attacks are also becoming much more sophisticated. In recent years, DDoS attacks have shifted from high-volume traffic attacks at the network layer to low-volume, highly sophisticated attacks at the application layer (slow DDoS attacks). To make matters worse, attack agents have become so intelligent that they are difficult to block, because they cannot be clearly distinguished from normal PCs. User authentication systems such as CAPTCHA, which are used to tell normal PCs from intelligent attack agents, require user intervention during authentication, and in a NAT environment in particular, IP-based blocking can cut off normal users' traffic at the same time. This research examines a defense technique that distinguishes attack agents from normal PCs and effectively blocks HTTP DDoS attacks by applying a one-time session key based authentication method that uses the cookie of the HTTP protocol, in order to protect web servers from sophisticated application-layer DDoS.
