Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites

Jaeyeon Jung, Balachander Krishnamurthy, Michael Rabinovich
11th International WWW Conference, Honolulu, HI, May 2002

This paper studies two types of events that often overload Web sites to a point when their services are degraded or disrupted entirely --- flash events (FEs) and denial of service attacks (DoS). The former are created by legitimate requests and the latter contain malicious requests whose goal is to subvert the normal operation of the site. We study the properties of both types of events with a special attention to characteristics that distinguish the two. Identifying these characteristics allows a formulation of a strategy for Web sites to quickly discard malicious requests. We also show that some content distribution networks (CDNs) may not provide the desired level of protection to Web sites against flash events. We therefore propose an enhancement to CDNs that offers better protection and use trace-driven simulations to study the effect of our enhancement on CDNs and Web sites. HTML On-line version

[PDF (1101KB)] [PostScript (2075KB)] [Gzipped PostScript (355KB)]

Bibtex Entry:

@inproceedings{jung2002flash,
   author =       "Jaeyeon Jung and Balachander Krishnamurthy and Michael Rabinovich",
   title =        "{Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites}",
   booktitle =    {11th International WWW Conference},
   year =         {2002},
   month =        {May},
   address =      {Honolulu, HI}
}