Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites

Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites

Jaeyeon Jung, Balachander Krishnamurthy, and Michael Rabinovich (AT&T Labs-Research)
WWW 11- The Eleventh International World Wide Web Conference, Honolulu, Hawaii, May 2002.

This paper studies two types of events that often overload Web sites to a point when their services are degraded or disrupted entirely --- flash events (FEs) and denial of service attacks (DoS). The former are created by legitimate requests and the latter contain malicious requests whose goal is to subvert the normal operation of the site. We study the properties of both types of events with a special attention to characteristics that distinguish the two. Identifying these characteristics allows a formulation of a strategy for Web sites to quickly discard malicious requests. We also show that some content distribution networks (CDNs) may not provide the desired level of protection to Web sites against flash events. We therefore propose an enhancement to CDNs that offers better protection and use trace-driven simulations to study the effect of our enhancement on CDNs and Web sites.

[ Gzipped PostScript (364K)] [ PostScript (2,125K)]] [ PDF (1,127K)] [ HTML]