Application-Layer DDoS in Enterprise Networks and in the Cloud: Comprehensive Detection and Mitigation

企业网络和云中的应用层 DDoS：全面检测和缓解

• 批准号: RGPIN-2015-06159
• 负责人: Vlajic, Natalija
• 金额: $ 1.75万
• 依托单位: York University
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2016
• 资助国家: 加拿大
• 起止时间: 2016-01-01 至 2017-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=613980
• 关键词: Application; Layer; DDoS; Enterprise; Networks

Attacks on data availability are commonly referred to as Denial of Service (DoS) attacks, with Distributed Denial of Service (DDoS) attacks being their most potent form. Nowadays, the means to carry out sophisticated and potent DDoS attacks are within easy reach of anyone with a computer and an Internet connection. Do-it-yourself simple-to-deploy DDoS attack tools can be obtained for only a few $100. Botnets-for-rent are also available for as little as $50 per one hour of rental time. Due to their great affordability combined with a significant damage potential, DDoS attacks have emerged as the weapon of choice for a number of different individual/groups, ranging from financially-motivated cyber criminals to politically-motivated ‘hacktivists’. Last year in the US alone an average of 28 DDoS attacks occurred every hour, with the average cost of 1 hour of DDoS-caused downtime estimated at $100,000. More than 40% of companies affected by DDoS have experienced consequent losses of over $1,000,000 (each). Application layer DDoS (AL-DDoS) is a relatively recently popularized and an extremely potent family of DDoS attacks. And while cyber-criminals are only learning how to use AL-DDoS to their full advantage, cyber-defenders already have hard time coping with the stealthiness and impact of these attacks. The long-term goal of the research outlined in this proposal is to advance the state of the art in the field of AL-DDoS, and make notable contributions towards the development of comprehensive techniques for AL-DDoS detection and mitigation. Specifically, by looking at some of the key emerging trends in the Internet, the research aims to study the impact of these trends on the way AL-DDoS attacks are conducted and defended against, and consequently propose solutions that are more effective and better attuned to the current and upcoming challenges of the networked world. The research will encompass the study of both, the traditional enterprise networks as well as the Cloud infrastructure, as there are some unique aspects of dealing with AL-DDoS in each of these environments. Some of the specific short-term goals of the proposed research include: study of bot-less AL-DDoS, study of AL-DDoS using bot anonymization, detection and mitigation of AL-DDoS in highly dynamic Web-domains, detection and mitigation of AL-DDoS in the future Internet of Things (IoT). We believe that the research outlined in this proposal is highly relevant and has a potential to produce significant impact on the state of the Internet security and beyond – in Canada as well as world-wide. We also believe that our general involvement with issues related to DDoS have already improved and will continue to strengthen the international reputation of Canadian-generated cybersecurity research.

对数据可用性的攻击通常被称为拒绝服务（DoS）攻击，其中分布式拒绝服务（DDoS）攻击是其最有效的形式。如今，任何拥有计算机和互联网连接的人都可以轻松实现复杂而强大的DDoS攻击。只需花费100美元即可获得自己动手的简单部署DDoS攻击工具。僵尸网络出租也可低至每小时50美元的租赁时间。由于其巨大的可负担性和巨大的破坏潜力，DDoS攻击已成为许多不同个人/团体的首选武器，从出于经济动机的网络犯罪分子到出于政治动机的“黑客活动家”。去年，仅在美国，平均每小时就发生28次DDoS攻击，DDoS造成的停机时间平均为1小时，估计为10万美元。超过40%的受DDoS影响的公司遭受了超过100万美元的损失。 应用层DDoS（AL-DDoS）是一种相对较新的DDoS攻击，也是一种非常强大的DDoS攻击。虽然网络犯罪分子只是在学习如何充分利用AL-DDoS，但网络防御者已经很难应对这些攻击的隐蔽性和影响。本提案中概述的研究的长期目标是推进AL-DDoS领域的最新技术，并为开发用于AL-DDoS检测和缓解的综合技术做出显着贡献。具体而言，通过研究互联网中的一些关键新兴趋势，该研究旨在研究这些趋势对AL-DDoS攻击进行和防御方式的影响，从而提出更有效，更好地适应当前和即将到来的网络世界挑战的解决方案。该研究将包括对传统企业网络和云基础设施的研究，因为在这些环境中处理AL-DDoS有一些独特的方面。拟议研究的一些具体的短期目标包括：研究无僵尸机器人的AL-DDoS，研究使用僵尸机器人匿名化的AL-DDoS，在高度动态的Web域中检测和缓解AL-DDoS，在未来物联网（IoT）中检测和缓解AL-DDoS。 我们认为，本提案中概述的研究具有高度相关性，并有可能对加拿大乃至全球的互联网安全状况产生重大影响。我们还相信，我们对DDoS相关问题的总体参与已经有所改善，并将继续加强网络安全研究的国际声誉。