Mitigating Browser-based DDoS Attacks using CORP

Cited by: 2
Authors
Agrawall, Akash [1]
Chaitanya, Krishna [2]
Agrawal, Arnav Kumar [3]
Choppella, Venkatesh [1]
Affiliations
[1] IIIT Hyderabad, Hyderabad, India
[2] Microsoft India, Hyderabad, India
[3] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA
Source
PROCEEDINGS OF THE 10TH INNOVATIONS IN SOFTWARE ENGINEERING CONFERENCE | 2017
Keywords
DDoS; Browser-based DDoS; Browser; Javascript; Cross-origin requests; MITM (Man in the middle)
DOI
10.1145/3021460.3021477
Chinese Library Classification number
TP31 [Computer software];
Subject classification code
081202 ; 0835 ;
Abstract
On March 27, 2015, GitHub witnessed a massive DDoS attack, the largest in GitHub's history to date. In this incident, browsers and users were used as vectors to launch the attack. In this paper, we analyse such browser-based DDoS attacks and simulate them in a lab environment. Existing browser security policies like Same Origin Policy (SOP) and Content Security Policy (CSP) do not mitigate these attacks by design. In this paper we observe that CORP (Cross Origin Request Policy), a browser security policy, can be used to mitigate these attacks. CORP enables a server to control cross-origin interactions initiated by a browser. The browser intercepts the cross-origin requests and blocks the requests that the server does not want. This takes the load off the server to mitigate the attack.
Pages: 137-146
Page count: 10