Application layer attacks
Application attacks are low-traffic-rate attacks that are very hard to detect. They target weaknesses in an application or server, with the goal of establishing a connection and exhausting processes and transactions. Such attacks do not require a botnet-type army; generating a low traffic rate needs few sources, and the traffic appears legitimate.
The most famous example of a Layer-7 attack is the HTTP GET/POST DDoS attack.
- HTTP Flood Attack: HTTP flood is a very common type of DDoS attack in which the cyber criminal exploits HTTP GET or POST requests to attack an online web server or application. The attacker forms a botnet army to send the targeted server a very large number of GET (image content) or POST (files) requests. The targeted web server attempts to answer each request coming from the botnet army. In accordance with normal application behavior, the server allocates the maximum number of resources to handle the requests. This prevents genuine requests from authentic users from reaching the web server or application, which results in a denial of service.
- Cloud is a new platform for attackers: Cloud services give attackers a new platform for creating a zombie botnet army. Thousands of VMs/hosts can be created and deleted in a few seconds, and the traffic looks legitimate.
- Mitigation: A ring-based Anycast solution offers inbuilt DDoS protection against such flood attacks. The most effective mitigation mechanisms rely on a combination of traffic profiling methods, including identifying the IP reputation.
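The following added example (not from the original text) sketches the traffic profiling with IP reputation described under Mitigation: it profiles each source's GET/POST rate from access-log lines and tightens the allowed rate for sources with a poor reputation score. The log format, the reputation scores, the thresholds and all names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed reputation feed (assumption): 0 = clean, 100 = known bad.
REPUTATION = {"203.0.113.7": 90, "198.51.100.23": 10}
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) \S+ [^"]*" \d{3}')

def parse(line):
    """Return (source_ip, timestamp) for a GET/POST access-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")

def flag_sources(lines, window_s=10, base_limit=20):
    """Flag sources whose peak request count in any window exceeds a
    reputation-scaled limit. Assumes each source's lines are in time order."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts = rec
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()  # drop requests that fell out of the window
        peak[ip] = max(peak[ip], len(q))
    flagged = {}
    for ip, n in peak.items():
        # Poor reputation shrinks the allowance: score 90 leaves 10% of base_limit.
        limit = base_limit * (100 - REPUTATION.get(ip, 0)) / 100
        if n > limit:
            flagged[ip] = n
    return flagged

def sample_log():
    """Constructed access-log lines (documentation IP ranges)."""
    fmt = '{} - - [10/Oct/2024:13:55:{:02d} +0000] "{} {} HTTP/1.1" 200 512'
    lines = [fmt.format("192.0.2.50", i // 3, "GET", "/img/banner.png") for i in range(30)]
    lines += [fmt.format("203.0.113.7", i, "POST", "/upload") for i in range(5)]
    lines += [fmt.format("198.51.100.23", i * 10, "GET", "/index.html") for i in range(5)]
    return lines

if __name__ == "__main__":
    for ip, n in flag_sources(sample_log()).items():
        print(f"{ip}: peak {n} requests per 10 s window")
```

The low-rate source with a poor reputation is flagged at a request count that a clean source would be allowed, which is the point of combining the two signals.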