A holistic approach to service survivability
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
IEEE Transactions on Dependable and Secure Computing
A novel approach to detecting DDoS Attacks at an Early Stage
The Journal of Supercomputing
Keeping Denial-of-Service Attackers in the Dark
IEEE Transactions on Dependable and Secure Computing
Journal of Parallel and Distributed Computing
Secure overlay networks for federated service provision and management
Computers and Electrical Engineering
Distributed algorithms for secure multipath routing in attack-resistant networks
IEEE/ACM Transactions on Networking (TON)
To filter or to authorize: network-layer DoS defense against multimillion-node botnets
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Simulation and Analysis of DDoS in Active Defense Environment
Computational Intelligence and Security
A novel approach in securing DDoS attack
CSTST '08 Proceedings of the 5th international conference on Soft computing as transdisciplinary science and technology
A Game Theoretic Approach for Deploying Intrusion Detection Agent
Agent Computing and Multi-Agent Systems
From content distribution networks to content networks - issues and challenges
Computer Communications
Multi-agent framework for simulation of adaptive cooperative defense against internet attacks
AIS-ADM'07 Proceedings of the 2nd international conference on Autonomous intelligent systems: agents and data mining
Unified defense against DDoS attacks
NETWORKING'07 Proceedings of the 6th international IFIP-TC6 conference on Ad Hoc and sensor networks, wireless networks, next generation internet
Integrated notification architecture based on overlay against DDoS attacks on convergence network
SEUS'07 Proceedings of the 5th IFIP WG 10.2 international conference on Software technologies for embedded and ubiquitous systems
Scheme of defending against DDoS attacks in large-scale ISP networks
NPC'07 Proceedings of the 2007 IFIP international conference on Network and parallel computing
Enabling tussle-agile inter-networking architectures by underlay virtualisation
FIS'2009 Proceedings of the Second Future internet conference on Future internet
WDA: A Web farm Distributed Denial Of Service attack attenuator
Computer Networks: The International Journal of Computer and Telecommunications Networking
Depth-in-defense approach against DDoS
ISP'07 Proceedings of the 6th WSEAS international conference on Information security and privacy
A survey on automatic configuration of virtual private networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Keeping denial-of-service attackers in the dark
DISC'05 Proceedings of the 19th international conference on Distributed Computing
Ferris wheel: A ring based onion circuit for hidden services
Computer Communications
Review: Analyzing well-known countermeasures against distributed denial of service attacks
Computer Communications
A ring based onion circuit for hidden services
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Bionic Autonomic Nervous Systems for Self-Defense against DoS, Spyware, Malware, Virus, and Fishing
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Spread Identity: A new dynamic address remapping mechanism for anonymity and DDoS defense
Journal of Computer Security
Hi-index | 0.07 |
We propose an architecture called secure overlay services (SOS) that proactively prevents denial of service (DoS) attacks, including distributed (DDoS) attacks; it is geared toward supporting emergency services, or similar types of communication. The architecture uses a combination of secure overlay tunneling, routing via consistent hashing, and filtering. We reduce the probability of successful attacks by: 1) performing intensive filtering near protected network edges, pushing the attack point perimeter into the core of the network, where high-speed routers can handle the volume of attack traffic and 2) introducing randomness and anonymity into the forwarding architecture, making it difficult for an attacker to target nodes along the path to a specific SOS-protected destination. Using simple analytical models, we evaluate the likelihood that an attacker can successfully launch a DoS attack against an SOS-protected network. Our analysis demonstrates that such an architecture reduces the likelihood of a successful attack to minuscule levels. Our performance measurements using a prototype implementation indicate an increase in end-to-end latency by a factor of two for the general case, and an average heal time of less than 10 s.