Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
A Simulation Study of the Proactive Server Roaming for Mitigating Denial of Service Attacks
ANSS '03 Proceedings of the 36th annual symposium on Simulation
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
A Dynamic Honeypot Design for Intrusion Detection
ICPS '04 Proceedings of the The IEEE/ACS International Conference on Pervasive Services
MULTOPS: a data-structure for bandwidth attack detection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Detection and Honeypot Based Redirection to Counter DDoS Attacks in ISP Domain
IAS '07 Proceedings of the Third International Symposium on Information Assurance and Security
Hi-index | 0.00 |
DDOS attacks generate flooding traffic from multiple sources towards selected nodes which may be targets of opportunity or targets of choice. The latter reflects service level attacks aimed to disrupt services. Array of schemes have been proposed for defense against DDOS attacks in real time. Low rate DDOS attacks lead to graceful degradation while high rate attacks leave network functionally unstable. Our scheme uses three lines of defense. The first line of defense detects the presence of attacks. The second line of defense identifies and tags attack flows in real time. As the last line of defense, a model for dynamic honeypot routing and redirection has been proposed in response to identified attacks that triggers the automatic generation of adequate nodes to service client requests and required number of honeypots that interact with attackers in contained manner. The judicious mixture of servers and honeypots at different time intervals provide stable network functionality at ISP level. We validate the effectiveness of the approach with analytical modeling on Internet type topology and simulation in ns-2 on a Linux platform.