Application layer DDoS attack

From Wikipedia, the free encyclopedia
Jump to: navigation, search

An application layer DDoS attack (sometimes referred to as layer 7 DDoS attack) is a form of denial-of-service (DDoS attack) where attackers target the application layer of the OSI model.[1][2] The attack over-execises specific functions or features of a website with the intention to disable those functions or features. This application-layer attack is different from an entire network attack, and is often used against financial institutions to distract IT and security personnel from security breaches.[3] As of 2013, application layer DDoS attacks represent 20% of all DDoS attacks.[4] According to research by the company Akamai, there have been "51 percent more application layer attacks" from Q4 2013 to Q4 2014 and "16 percent more" from Q3 2014 over Q4 2014.[5]

Application layer[edit]

Main article: OSI model

The Open Systems Interconnection (OSI) model (ISO/IEC 7498-1) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model is a product of the Open Systems Interconnection project at the International Organization for Standardization (ISO). The model groups similar communication functions into one of seven logical layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of that path. Two instances at one layer are connected by a horizontal connection on that layer.

Main article: Application layer

In the OSI model, the definition of its application layer is narrower in scope. The OSI model defines the application layer as being the user interface. The OSI application layer is responsible for displaying data and images to the user in a human-recognizable format and to interface with the presentation layer below it.

Method of attack[edit]

An application layer DDoS attack is done mainly for specific targeted purposes, including disrupting transactions and access to databases.[6] They require less resources and often accompany network layer attacks.[7] An attack is disguised to look like legitimate traffic, except it targets specific application packets.[4] The attack on the application layer can disrupt services such as the retrieval of information or search function[4] as well as web browser function, email services and photo applications. In order to be deemed a Distributed Denial of Service Attack, more than around 3-5 nodes on different networks should be used, using less than 3-5 nodes definitely only qualifies as a DoS and not a DDoS.[2][8]

Defending application layer DDoS attacks[edit]

Defending against an application layer DDoS attack requires DDoS mitigation.[6] Success of mitigation requires correctly identifying incoming traffic to separate human traffic from human-like bots and hijacked browsers.[6]

Further reading[edit]

See also[edit]


  1. ^ Lee, Newton (2013). Counterterrorism and Cybersecurity: Total Information Awareness. Springer. ISBN 9781461472056. 
  2. ^ a b "Layer Seven DDoS Attacks". Infosec Institute. 
  3. ^ "Gartner Says 25 Percent of Distributed Denial of Services Attacks in 2013 Will Be Application - Based". Gartner. 21 February 2013. Retrieved 28 January 2014. 
  4. ^ a b c Ginovsky, John (27 January 2014). "What you should know about worsening DDoS attacks". ABA Banking Journal. Retrieved 28 January 2014. 
  5. ^
  6. ^ a b c Chai, Eldad (21 October 2013). "Incapsula’s Five-Ring Approach to Application layer DDoS Protection". Incapsula. Retrieved 28 January 2014. 
  7. ^ Higgins, Kelly Jackson (17 October 2013). "DDoS Attack Used ‘Headless’ Browser In 150-Hour Siege". Dark Reader. Retrieved 28 January 2014. 
  8. ^ Raghavan, S.V. (2011). An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks. Springer. ISBN 9788132202776.