Denying Attacks
A two-layer system stops intelligent denial-of-service attacks

Source: “Mitigating Application-Level Denial of Service Attacks on Web Servers: A Client-Transparent Approach”
Mudhakar Srivatsa et al.
ACM Transactions on the Web, July 2008: 15

Results: Researchers at IBM’s T. J. Watson Research Center and Georgia Tech have developed new security software that minimizes the effects of a type of attack that ties up websites with automated requests, preventing people from using them. The software is tailored to websites that host applications, such as word-­processing and ­interactive-shopping programs.

Why it matters: Denial-of-service attacks can shut down websites, potentially costing millions in revenue. They’re particularly difficult to prevent on websites that host applications, since the automated requests can look very similar to requests from real website users. Distinguishing legitimate users from attackers usually requires cumbersome and inconvenient procedures for logging in to a site. The new software avoids this requirement.

Methods: The researchers wrote algorithms for two filtering systems that prevent attacks. The first limits the total number of requests to the website; the second gives priority to certain users on the basis of what they do on the site. For example, a user who frequently hits the “buy” button will be given higher priority, while users making a quick succession of demanding requests–for example, to download many large image files–will be given a low ­priority. Would-be attackers would tend to make more requests that use up a lot of bandwidth, memory, or processing power but would not perform valuable actions such as making purchases, so they would be flagged; their access to the site would be reduced and eventually cut off.

Next steps: To use the system, programmers must categorize the activities of a website’s users and assign values to each activity. The researchers’ system currently provides an interface that allows programmers to do this. They plan to improve the interface, developing tools to help programmers make the necessary judgments.