Controlling Denial-of-Service

Attacks Using Web Referral

Architecture for Privileged
Service (WRAPS)
Introduction

• A Denial-of-Service (DoS) attacks have become a major

thread today’s Internet.
• DoS attack is an attack whereby one computer or a group of
loosely networked computers attempt to send too much
information to a remote computer or server, such as a web
server.
• A DoS floods the remote computer with so much traffic that
it cannot handle normal, valid requests made from others.
DoS attacks work as the remote computer cannot easily
distinguish requests and traffic sent from the DoS-attacking
machines versus that sent by valid means.
DoS Attacks
Abstract

• The web is a complicated referral graph, in which a

node (website) refers its visitors to others through
hyperlinks.
• In this paper propose to use this graph (called a
sitegraph ) as a resilient infrastructure to mitigate
flooding attacks on a website, using a new “Web
Referral Architecture for Privileged Service”
(WRAPS).
• WRAPS allows a legitimate client to obtain a
privilege URL through a simple click on a referral
hyperlink, from a website trusted by the target
Existing System
• DoS attacks seek to render target systems inoperable and/or
target networks inaccessible.
• "Traditional" DoS attacks, generate a large amount of traffic
from a given host or subnet and it is possible for a site to
detect such an attack in progress and defend themselves.
• Distributed DoS attacks are designed as a coordinated attack
from many sources simultaneously against one or more
targets.

• Types of DoS attack control approaches

1. Overlay-Based Approaches
2. Capability-Based Approaches
 Overlay-Based Approaches
• The routers around the protected web server in virtual
topology admit http traffic from only trusted locations
known to overlay nodes.
• A client has to first pass a CAPTCHA posed by an
overlay node, which then tunnels the client’s connection
to an approved location..

Capability-Based Approaches
• Authorize a legitimate client to establish a privileged communication
channel with a server using a secret token (capability).

• Protect connections against flooding attacks.

Drawbacks

• Set of dedicated nodes collaborate to protect an

important website, and need to modify protocols
and client-side software.

• Substantial difficulties for deployment.

• Overlay routing could increase end-to-end

latency.

• All existing Capability-based approaches require

modifications to client-side software.
Proposed System

• Effective defense against DDoS attacks is well

known to be a challenging task because of the
difficulty in eliminating the vulnerabilities
introduced during the design and implementation
of different network components, which can be
potentially exploited by the adversary.
• In this paper, WRAPS technique is aimed at
“raising the bar,” making a DDoS attack harder to
launch and easier to contain.
Module Diagram

Query Handler
Client 1

Server
MAC Generator &
Client 2 MAC verifier WRAPS
Technique

Metrics
Calculation

Database
Client n IP Handler
Advantages

• WRAPS does not require installing anything on a

Web client.
• WRAPS allows referral websites to offer a very
lightweight referral service.
• WRAPS also alters neither protocols nor client
software.
• WRAPS does not change packets’ routing paths
Future Enhancement

• Multi-tier architecture is the basis of this project.

Every future computer development is based on
n-tier applications.
• Suits well for distributed enterprise application.
• To control traffic replication of middle-tier can be
done.
• Re-compilation of the components not needed.
• High processing speed.
 Reference
• J. Wu and K. Aberer, “Using Siterank for p2p Web Retrieval,”
Technical Report IC/2004/31, Swiss Fed. Inst. Technology,
Mar.2004.

• X. Wang and M. Reiter, “Wraps: Denial-of-Service Defense

through Web Referrals,” Proc. 25th IEEE Symp. Reliable Distributed
Systems (SRDS), 2006.

• L. von Ahn, M. Blum, N.J. Hopper, and J. Langford,

“CAPTCHA: Using Hard AI Problems for Security,” Advances
in Cryptology—EUROCRYPT ’03. SpringerVerlag, 2003.