FRADE: Flash cRowd Attack DEfense


Members and Collaborators

Overview

A flash-crowd attack (FCA) is a DDoS attack that floods an application at the victim with numerous service requests. Such attacks are extremely hard to detect and filter, because legitimate and attack requests are indistinguishable from each other. The attackers use multiple bots to send requests to the victim at low rates. Flash-crowd attacks are appealing to attackers, because they can be effective at a low volume. Since many DDoS defenses operate at network level and look for large traffic spikes in network aggregates, flash-crowd attacks often slip by undetected. An attacker can use regular, lightweight requests, such as those for a static page at a Web server or use costly requests, which require more of the server's resources, such dynamic requests, involving database lookups and updates.

Our Solution

FRADE is a defense scheme to mitigate Flash Crowd Attack by distinguising humans from bots. The goal of the FRADE is to raise the bar for the number of bots needed for a succesfull Flash Crowd Attack. FRADE achieves this by three novel approaches which models the human behaviour to distinguish human users from flash-crowd bots.

FRADE Design


FRADE Design

This material is based upon work supported by the National Science Foundation under Grant No. 1319215. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.