Domain-Driven Security’s take on Denial-of-Service (DoS) Attacks

University essay from KTH/Skolan för datavetenskap och kommunikation (CSC)

Abstract: Many companies and organisations today suffer from Denial-of-Service (DoS) attacks, which can have direct and indirect economic consequences. This thesis tackles this problem with a novel approach that utilises domain-specific behaviour and knowledge. The goal is to distinguish malicious attacks from legitimate usage and to alter overall system behaviour in the event of a DoS attack. Distributed DoS (DDoS) attacks are examined, as well as a category suggested in this thesis, namely Domain DoS attacks. A simple e-commerce system is developed based on the principles of Domain-Driven Design in order to test the given approach. Five examples of DoS attacks are presented and tested against the system. The results indicate that utilising domain behaviour is a suitable approach for mitigating DoS attacks, but that it requires deep integration with the application itself.
