
Layer Seven DDoS Attacks

What is Layer 7?

The process of sending and receiving data from one host to another, data encapsulation, is possible due to the existence of a seven-layer protocol suite presented as the OSI model (see Diagram 1).

Although we'll occasionally refer to various layers of the OSI model while examining DoS attacks, the emphasis here is on the seventh layer, the application layer. In essence, it provides an interface to end-user tasks and lets programs such as web browsers, email services, and photo applications send network communications (e.g., SMTP or HTTP).

Diagram 1

Layer Seven DDoS Attacks Compared to Other Types

The trend in DDoS attacks clearly shows that perpetrators move their aim up the OSI network model over time. This shift of the prime target is logical, since more DDoS defence systems focus their primary detection powers on lower layers (Imperva, 2012). Attacks on the web application layer are therefore increasingly popular. Furthermore, penetrating layer seven, the top layer in the OSI model, opens a path to the business logic layer, which is considered an abstract extension of the aforementioned network protocol suite (F5 Networks, Inc., 2013).

Given that the internet is built vertically from multiple protocol layers, it is understandable that internet DDoS attacks are classified vertically as well (Abliz, 2011).

If we adopt this approach, some common types of DDoS attacks include:

  • IP attacks on the network bandwidth – Layer 3 (Network Protocol)
  • TCP attacks on server sockets – Layer 4 (Transport Protocol)
  • HTTP attacks on Web server threads – Layer 7 (Application Protocol)
  • Web application attacks on CPU resources – Layer 7+

(Imperva, 2012)

Now that we grasp the difference between DDoS attacks, in terms of OSI model classification, let’s go through some general features that (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dimitar Kostadinov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Db09ed5P3u8/