Impact analysis of application layer DDoS attacks on web services: a simulation study

Abstract

Due to a wide range of attacks possible on the internet, abundance of security solutions exists in the market today. In spite of this, distributed denial of service (DDoS) attack is still considered irrepressible, as none of the present-day solutions seems to completely eradicate its existence. The most sophisticated form of this attack, application-layer DDoS attack, is on the rise seeking to its surging frequency in recent years. With a primary focus on their detection and mitigation, the researchers have made significant contributions toward the related literature. We begin with introducing application-layer DDoS attacks followed by an analysis of the recent contributions in a nutshell. Subsequently, the underlying mechanism behind the application-layer DDoS attacks is discussed to apprehend its effect on traditional web server architecture. Finally, two independent exhaustive simulations are carried out to evaluate the impact of such attacks on the performance of a web server from multiple perspectives. Multifarious experimental designs corresponding to different attack intensities and server performance parameters are exercised during our first simulation scenario in order to report diverse possible scenarios. The second simulation scenario examines three well-known application-layer DDoS attack strategies that an attacker usually adopts in order to instigate an application-layer DDoS attack.