Mitigation of Application Layer DDoS Flood Attack Against Web Servers

The Application-layer Distributed Denial of Service (App-DDoS) attack is one of the most menacing types of cyber-attacks that circumvent web servers. Since the attackers have developed different techniques and methods, preventing App- DDoS attacks has become more difficult than ever before. One of the most commonly and targeted protocols in the application-layer is HTTP-GET flooding attacks. The attacker sends a large number of HTTP-GET requests from different infected devices to force the server to assign the maximum resources available in response to every single request. The objective of this attack is to exhaust the server’s resources and deny service to the legitimate users. The App-DDoS attacks affect Quality of Service (QoS) and are extremely costly in terms of resource exhaustion. In this paper, we discuss development and testing of an App-DDoS attack detection and mitigation model in order to defend web servers against threats. Our design model employs three principle states: normal, screening and suspicious. The defense model transits between these modes based on the server load. We use Machine Learning (ML) techniques to provide high detection accuracy of App-DDoS attacks. Our experimental results demonstrate that this defense system is effective against App-DDoS attack.