Sophisticated Denial of Service attacks aimed at application layer

Popularity of application services offered by Internet has grown a lot in recent years. Basically, Internet was built with the focus on its functionality and not with the focus on the security tasks. This has led to discovering embedded weaknesses in Internet architecture, which can be misused by attackers with malicious purposes. This paper focuses on application layer Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks detection, because these attacks present a continuous critical threat to the Internet services. DDoS attacks are typically carried out at the network layer. However, there is evidence to suggest that application layer DDoS attacks can be more effective than the traditional ones. Over some period of time, researchers proposed many solutions to prevent the DoS/DDoS attacks from different OSI layers, but there has been done only a very small research on application layer. In this paper, we consider sophisticated attacks that utilize legitimate application layer requests from legitimately connected network machines to overwhelm Web server. Since the attack signature of each application layer DDoS is represented in abnormal user behavior, we propose several mechanisms, which can be used for application DoS/DDoS attack detection.