GT Approach for Detecting Application DoS Attacks

D. Jebakumar Immanuel, C. Sangeetha

Abstract


The application DoS attack, which aims at disrupting application service rather than depleting network resources, has emerged as a larger threat to network services than the classic DoS attack. Owing to its high similarity to legitimate traffic and much lower launching overhead than the classic DDoS attack, this new assault type cannot be efficiently detected or prevented by existing detection solutions. To identify application DoS attacks, we propose a novel group testing (GT)-based approach deployed on back-end servers, which not only offers a theoretical method to obtain short detection delay and low false positive/negative rates, but also provides an underlying framework against general network attacks. In the proposed system, appropriation can be made in the sequential algorithm to avoid the requirement of isolating attackers. It improves the detection rate of application DoS attacks with a heuristic algorithm for constraint-based group testing and variants of anomaly detection in application requests. Attackers use the same functions to control the speed of attack package pumping to the victim.
The proposed model develops a counter mechanism to mitigate the potency of the resource attacks and evaluates its efficacy. An asymmetric attack overwhelms the server resources, increasing the response time of legitimate clients from 0.1 seconds to 10 seconds. Under the same attack scenario, DDoS Shield limits the effects of false negatives and false positives and improves the victims' performance to 0.8 seconds. The proposed access matrix captures the spatial-temporal patterns of a normal flash crowd. Principal component analysis and independent component analysis are applied to abstract the multidimensional access matrix. An anomaly detector based on a hidden Markov model is proposed to describe the dynamics of the access matrix and to detect the attacks. Numerical results based on real Web traffic data are presented to demonstrate the effectiveness of the proposed method.


Keywords


Application DoS, DDoS, Group Testing, Network Security, Resistance Rate, Throughput.



Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.