A Novel Group Testing (GT) - based Approach Deployed on Back-End Servers

Abstract

Application dos attack, which aims at disrupting application service rather than
depleting the network resource, has emerged as a larger threat to network services,
compared to the classic dos attack. Owing to its high similarity to legitimate traffic and
much lower launching overhead than classic ddos attack, this new assault type cannot be
efficiently detected or prevented by existing detection solutions. To identify application dos
attack, we propose a novel group testing (GT)-based approach deployed on back-end
servers, which not only offers a theoretical method to obtain short detection delay and low
false positive/negative rate, but also provides an underlying framework against general
network attacks.core specifically, we first extend classic GT model with size constraints for
practice purposes, then redistribute the client service requests to multiple virtual servers
embedded within each back-end server machine, according to specific testing matrices.
Based on this framework, we propose a two-mode detection mechanism using some
dynamic thresholds to efficiently identify the attackers. The focus of this work lies in the
detection algorithms proposed and the corresponding theoretical complexity analysis.