Abstract:
The promise of the pay-as-you-go and scalable model of Cloud Computing has attracted a large number of medium and small enterprises to adopt the E-Commerce model of conducting on-line businesses. While E-Commerce applications on the Cloud expand businesses by making them more widely accessible, they also make these applications susceptible to economic denial of service (EDoS) attacks, a form of application-layer attack that drives up the cost of Cloud computing by using up application resources. This paper focuses on detection and mitigation of EDoS for E-Commerce based applications. EDoS is different from traditional DDoS in that the intention of the latter is to consume all the resources (memory, bandwidth, CPU, etc.) of the Web Server, thus making it unavailable to its legitimate users. EDoS, on the other hand, is caused by malicious users who are not interested in following the regular workflow of an E-Commerce application by purchasing items, but instead employ it for their own purposes of entertainment, price-checks and idle surfing. We have a twofold solution: (i) admission control and (ii) congestion control. In the first, we limit the number of clients that can simultaneously send requests, thus allowing only as many clients as can be served easily within the available resources on the Web server. In the second, we change the priority of admitted clients based on the type of resources they visit and the type of activities they perform, thus making the maximum resources available to good clients. Our contribution is two-fold: (1) we model the workflow of a typical E-Commerce application and identify key parameters that distinguish good and bad users, and (2) we present the design of a learning-based classifier that distinguishes good and bad users depending on the values of the parameters they select while web browsing. We have integrated and evaluated this solution in a Web Application Firewall and found it quite effective in terms of resource distribution among good and bad clients.
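The following is an added illustration of the two mechanisms the abstract describes, admission control (a cap on concurrently active clients) and priority-based congestion control (admitted clients are ranked by the resources they visit). It is example code written for this page, not the paper's implementation or its Web Application Firewall integration. The resource weights, the browse penalty, the client names and the request paths are all constructed assumptions; the paper's actual workflow parameters and its learning-based classifier are not on this page, so a fixed weight table stands in for the classifier's verdict.

```python
import heapq
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed weights (assumption, not the paper's parameters): requests that
# move a session toward a purchase earn priority; browse-only resources earn
# nothing, so a flat per-request charge makes idle surfers sink in the queue.
RESOURCE_WEIGHTS = {
    "/checkout": 5.0,
    "/cart": 3.0,
    "/product": 0.5,
    "/search": 0.0,
    "/static": 0.0,
}
BROWSE_PENALTY = 0.5  # charged on every request, whatever the resource


def resource_weight(path: str) -> float:
    """Map a request path to its weight by the longest matching prefix."""
    for prefix in sorted(RESOURCE_WEIGHTS, key=len, reverse=True):
        if path.startswith(prefix):
            return RESOURCE_WEIGHTS[prefix]
    return 0.0


@dataclass
class ClientState:
    client_id: str
    score: float = 0.0   # priority; higher means more purchase-like activity
    requests: int = 0


class AdmissionController:
    """Cap the number of active clients; admit waiting clients by priority."""

    def __init__(self, max_active: int):
        self.max_active = max_active
        self.active: Dict[str, ClientState] = {}
        self.clients: Dict[str, ClientState] = {}
        self._waiting: List[Tuple[float, int, str]] = []  # (-score, seq, id)
        self._seq = 0

    def request(self, client_id: str, path: str) -> str:
        """Account for one request and return admitted/served/queued."""
        st = self.clients.setdefault(client_id, ClientState(client_id))
        st.requests += 1
        st.score += resource_weight(path) - BROWSE_PENALTY
        if client_id in self.active:
            return "served"
        if len(self.active) < self.max_active:
            self.active[client_id] = st
            return "admitted"
        # Push a fresh heap entry; stale entries for this client are skipped
        # on pop, so the queue always reflects the client's latest score.
        self._seq += 1
        heapq.heappush(self._waiting, (-st.score, self._seq, client_id))
        return "queued"

    def release(self, client_id: str) -> Optional[str]:
        """Free a slot and admit the highest-priority waiting client."""
        self.active.pop(client_id, None)
        while self._waiting:
            neg_score, _, cid = heapq.heappop(self._waiting)
            st = self.clients[cid]
            if cid in self.active or -neg_score != st.score:
                continue  # stale entry (already admitted or score changed)
            self.active[cid] = st
            return cid
        return None

    def priority(self, client_id: str) -> float:
        return self.clients[client_id].score


def simulate() -> dict:
    """Constructed scenario: two slots, one idle surfer and one buyer waiting."""
    ac = AdmissionController(max_active=2)
    log = [
        ac.request("alice", "/product/1"),   # admitted
        ac.request("bob", "/product/2"),     # admitted
        ac.request("carol", "/search?q=x"),  # queued
        ac.request("dave", "/product/3"),    # queued
    ]
    for _ in range(5):                       # carol only price-checks
        ac.request("carol", "/search?q=y")
    ac.request("dave", "/cart")              # dave moves toward a purchase
    ac.request("dave", "/checkout")
    admitted_next = ac.release("alice")      # alice leaves; who gets the slot?
    return {
        "log": log,
        "next": admitted_next,
        "carol": ac.priority("carol"),
        "dave": ac.priority("dave"),
    }


if __name__ == "__main__":
    print(simulate())
```

In the scenario, the idle surfer's score drifts negative while the buyer's rises, so when a slot frees up the buyer is admitted first even though the surfer queued earlier; that is the effect the abstract attributes to re-prioritising admitted clients by the resources they visit.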