A Proposal of an HTTP Flood Attack Mitigation Method Using a False-Positive Elimination Server
A Proposal of a Mitigation Method of HTTP Flood Attacks Using a Server for Detailed Examination of Pseudo Positive Accesses
有川, 佑樹
久保田, 真一郎
山場, 久昭
岡崎, 直宣
250, 2017-07-31, Faculty of Engineering, University of Miyazaki
Typical mitigations for DDoS attacks discard legitimate users' packets at the same time as the attack packets, so the false-positive problem, in which a legitimate user is identified as an attacker, cannot be eliminated. In this paper, we propose a system that uses OpenFlow to distribute accesses between two types of server: a main server, which allows only legitimate accesses, and a sub server, which allows certain attacks. The first threshold is set to eliminate any attacks; the second threshold is set to allow certain attacks. Packets determined to be an attack by the second threshold are discarded. Our approach is to allow certain attacks under the second threshold even for accesses discarded by the first threshold. This approach appears to decrease the number of false-positive cases, so that legitimate users can successfully use services.