Title | Runtime Recovery of Web Applications under Zero-Day ReDoS Attacks |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Bai, Zhihao, Wang, Ke, Zhu, Hang, Cao, Yinzhi, Jin, Xin |
Conference Name | 2021 IEEE Symposium on Security and Privacy (SP) |
Date Published | May |
Keywords | Adversarial Machine Learning, Data models, Databases, deep neural networks, Feedback loop, Online Feedback Loop, privacy, Prototypes, pubcrawl, Regular expression Denial of Service (ReDoS), resilience, Resiliency, Runtime, System recovery, Web servers |
Abstract | Regular expression denial of service (ReDoS), which exploits the super-linear running time of matching regular expressions against carefully crafted inputs, is an emerging class of DoS attacks on web services. One challenging question for a victim web service under ReDoS attacks is how to quickly recover its normal operation after ReDoS attacks, especially zero-day ones exploiting previously unknown vulnerabilities. In this paper, we present RegexNet, the first payload-based, automated, reactive ReDoS recovery system for web services. RegexNet adopts a learning model, which is updated constantly in a feedback loop during runtime, to classify the payloads of upcoming requests, including the request contents and database query responses. If a request is detected as a cause leading to ReDoS, RegexNet migrates it to a sandbox and isolates its execution for a fast, first-measure recovery. We have implemented a RegexNet prototype and integrated it with HAProxy and Node.js. Evaluation results show that RegexNet is effective in recovering the performance of web services against zero-day ReDoS attacks, responsive in reacting to attacks in sub-minute time, and resilient to different ReDoS attack types, including adaptive ones designed on purpose to evade RegexNet. |
DOI | 10.1109/SP40001.2021.00077 |
Citation Key | bai_runtime_2021 |