Time Estimation for Next Request to Prevent DOS Attack on RESTful Services

Abstract

Systems are getting integrated faster and easier using web API, as applications and cloud API’s nowadays are shifting to REST-based services in the detriment of SOAP-based ones. RESTful services are a lightweight alternative to Web Services implemented using HTTP and principles of REST. Thus there is no standard applied on RESTful, so security is not considered by default. One of the most attack suffer by the mainstream service providers is Buffer overflow in RESTful services, as a result from misuse or intentional attack. Client requests a resource many times that consume processing time and a lot of money for each request and may cause Denial of services (DOS). This is a hot topic since there is a lack of study in this field and a wide use for RESTful services as a commercial base, so our approach focuses on how to prevent the suspicious repeated RESTful requests. Every RESTful request has process time and guarded with a token which we increase in live time by next expected time for next request. To protect the service provider from suspicious repeated RESTful requests (which causes losing money & may cause buffer overflow DOS attack) we must prevent repeated request for same resources from the same client before the process time of the previous request is done and to ensure that the new RESTful request has a valid token. We propose an approach to estimate RESTful process request time from a set of previous requests using large number of experiments to find general equation for estimate current computing time and finding the next expected time for next RESTful request using our equation. We compute guard time depending on the next request time which protect service provider from repeated request that causes buffer overflow DOS attack. The results were sufficient as the accuracy ranges between 93% and 98% with average 97.31 %.