A Protection System Against HTTP Flood Attacks Using Software Defined Networking

HyperText Transfer Protocol (HTTP) Flood Distributed Denial-of-Service attacks use a set of infected nodes in a botnet to overload a web server. This article proposes a protection system against these attacks based on Software Defined Networking (SDN). Our system provides a simple challenge to detect attackers. When a request arrives for a given application, our system sends an HTTP redirection message to the client. This message instructs the client to use the actual Web application’s IP address. Hence, assuming that botnet nodes do not implement the complete HTTP protocol, they will not follow this redirection. As requests from botnets will not reach the application, only legitimate clients will access the protected server. This approach allows the system to differentiate attackers’ IP addresses from legitimate clients’ IPs. Consequently, the system inserts SDN flow rules to block future requests from attackers. Our proposal reduces the load of an attacked Autonomous System (AS) using the collaboration of other ASes. The idea is that when the application is under attack, the system redirects the requests to the Collaborating ASes. Hence, legitimate clients follow the redirection and access the web application through the collaborating AS. We evaluate the system using Mininet. The results show that the attacked AS’s SDN Controller can reduce its CPU consumption by 65.32% when six collaborating ASes are used. Also, when under attack, the system reduces the latency perceived by the clients from 6 s to approximately 0.4 s.