No more DoS? An empirical study on defense techniques for web server Denial of Service mitigation

Abstract

Denial-of-Service (DoS) attacks are becoming increasingly common and undermine the availability of widely used web servers. Even if DoS attacks cannot be rendered completely harmless, ready-to-use defense modules and solutions to mitigate their effect are highly beneficial for site administrators. Unfortunately, there is a lack of measurement studies that explore the pros and cons of common DoS web server defense modules in order to understand their limitations and to drive practitioners’ choices. This paper presents an empirical study of the ubiquitous Apache web server, with an assessment of two well-known pluggable defense modules and an enlargement technique that provides the server with additional resources. Measurements are based on a mixture of flooding and slow DoS attacks. The experimentation shows that, in spite of the large availability of pluggable security modules that can be usefully deployed in practice, there is not a bulletproof defense solution to mitigate the DoS attacks in hand. The findings of our analysis can be useful to support the deployment of proper defense mechanisms, as well as the development of robust and effective solutions for DoS protection.