Evaluating security controls against HTTP-based DDoS attacks

摘要

Distributed Denial of Service attacks generally require a botmaster controlling a large number of infected systems (bots) in order to take down a target service. However, more recent DDoS attacks targeting at the HTTP layer can be very effective even with a small number of infected bots. In this paper we analyze DDoS attacks which require only a small number of bots to render a web server unavailable. In order to study their behavior, we implement a Botnet system in a test environment. We simulate bots by using both Linux and Windows-based systems infected with Slowloris, an HTTP syn-flooder, targeting to a vulnerable Apache web server. We apply several security controls in order to test their effectiveness against such attacks. Our results show that only a combination of carefully selected anti-DDoS controls can significantly reduce the exposure to such attacks without affecting the provided service.