Show simple item record

dc.contributor.advisor Knightly, Edward W.
dc.creatorRanjan, Supranamaya
dc.date.accessioned 2009-06-04T06:32:33Z
dc.date.available 2009-06-04T06:32:33Z
dc.date.issued 2006
dc.identifier.urihttps://hdl.handle.net/1911/18961
dc.description.abstract Though the WWW has come a long way since when it was monikered the World Wide Wait, it is still not reliable during heavy workload conditions. Overloads due to flash arrival of users or diurnal workload patterns are known to exponentially increase download times. More recently, online banks and portals have been the target of Distributed Denial-of-Service (DDoS) attacks, which send a deluge of requests and drive away the legitimate users. This dissertation proposes a web hosting architecture consisting of a grid of clusters, to provide high-performance in the presence of standard overload conditions as well as resilience during attacks. The architecture's high-performance component is provided by a server selection framework, W&barbelow;ide-A&barbelow;rea R&barbelow;eD&barbelow;irection (WARD), which efficiently multiplexes resources across the cluster grid. Traditional approaches assume that minimizing network hop count minimizes client latency. In contrast, WARD's server selection algorithm forwards requests to the server that minimizes the total of estimated network and server delays. WARD is better-suited to handling overload conditions in dynamic web content, which are known to stress compute resources more than the network. Using a combination of analytical modeling and testbed experiments, it's shown that delay savings by redirecting requests to an under-loaded cluster can far outweigh the overhead in inter-cluster network latency. For instance, for an e-commerce site with 300 concurrent clients, redirection reduces download times from 5 to 2.3 seconds. The architecture's DDoS-resilience is provided by DDoS-Shield, consisting of a suspicion assignment mechanism and a scheduler. Assuming sophisticated attackers, the possible attacks are characterized as either request flooding, asymmetric or repeated one-shot, on the basis of the application workload parameters exploited. In contrast to prior work, the suspicion mechanism assigns a continuous valued vs. binary suspicion measure to each client session, and the scheduler utilizes these values to determine if and when to schedule a session's requests. Testbed-driven experiments demonstrate the potency of these resource attacks as well as evaluate the efficacy of the counter-mechanism. For instance, an asymmetric attack effected to overwhelm the database CPU, increases download times from 0.15 to 10 seconds, while DDoS-Shield is shown to improve performance to 0.8 seconds.
dc.format.extent 99 p.
dc.format.mimetype application/pdf
dc.language.iso eng
dc.subjectElectronics
Electrical engineering
Computer science
dc.title High performance distributed denial-of-service resilient Web cluster architecture
dc.type.genre Thesis
dc.type.material Text
thesis.degree.department Computer Science
thesis.degree.discipline Engineering
thesis.degree.grantor Rice University
thesis.degree.level Doctoral
thesis.degree.name Doctor of Philosophy
dc.identifier.citation Ranjan, Supranamaya. "High performance distributed denial-of-service resilient Web cluster architecture." (2006) Diss., Rice University. https://hdl.handle.net/1911/18961.


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record