Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Network Security with Openssl
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Firewalls and Internet Security: Repelling the Wily Hacker
Firewalls and Internet Security: Repelling the Wily Hacker
The Case for Resilient Overlay Networks
HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Telling humans and computers apart automatically
Communications of the ACM - Information cities
Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)
Change-Point Monitoring for the Detection of DoS Attacks
IEEE Transactions on Dependable and Secure Computing
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
D-WARD: A Source-End Defense against Flooding Denial-of-Service Attacks
IEEE Transactions on Dependable and Secure Computing
Countering DoS attacks with stateless multipath overlays
Proceedings of the 12th ACM conference on Computer and communications security
A Framework for a Collaborative DDoS Defense
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
MULTOPS: a data-structure for bandwidth attack detection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Mayday: distributed filtering for internet services
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
Finding more null pointer bugs, but not too many
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
Phalanx: withstanding multimillion-node botnets
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
FOSeL: Filtering by Helping an Overlay Security Layer to Mitigate DoS Attacks
NCA '08 Proceedings of the 2008 Seventh IEEE International Symposium on Network Computing and Applications
THE ALOHA SYSTEM: another alternative for computer communications
AFIPS '70 (Fall) Proceedings of the November 17-19, 1970, fall joint computer conference
ODON: An On-Demand Security Overlay for Mission-Critical Applications
ICCCN '09 Proceedings of the 2009 Proceedings of 18th International Conference on Computer Communications and Networks
Application of anomaly detection algorithms for detecting SYN flooding attacks
Computer Communications
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Adaptive Anomaly Detection via Self-calibration and Dynamic Updating
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Deadlock immunity: enabling systems to defend against deadlocks
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Anagram: a content anomaly detector resistant to mimicry attack
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
| Hi-index | 0.00 |
Protection against Denial of Service (DoS) attacks is a challenging and ongoing problem. Current overlay-based solutions can transparently filter unauthorized traffic based on user authentication. Such solutions require either pre-established trust or explicit user interaction to operate, which can be circumvented by determined attackers and is not always feasible (e.g., when user interaction is impossible or undesirable). We propose a Multi-layer Overlay Network (MON) architecture that does not depend on user authentication, but instead utilizes two mechanisms to provide DoS resistant to any IP-based service, and operates on top of the existing network infrastructure. First, MON implements a threshold-based intrusion detection mechanism in a distributed fashion to mitigate DoS close to the attack source. Second, it randomly distributes user packets amongst different paths to probabilistically increase service availability during an attack. We evaluate MON using the Apache web server as a protected service. Results demonstrate MON nodes introduce very small overhead, while users' service access time increases by a factor of 1.1 to 1.7, depending on the configuration. Under an attack scenario MON can decrease the attack traffic forwarded to the service by up to 85%. We believe our work makes the use of overlays for DoS protection more practical relative to prior work.