A Simulation Study of the Proactive Server Roaming for Mitigating Denial of Service Attacks
ANSS '03 Proceedings of the 36th annual symposium on Simulation
Migratory TCP: Connection Migration for Service Continuity in the Internet
ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Roaming Honeypots for Mitigating Service-Level Denial-of-Service Attacks
ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
Countering DoS attacks with stateless multipath overlays
Proceedings of the 12th ACM conference on Computer and communications security
Per flow packet sampling for high-speed network monitoring
COMSNETS'09 Proceedings of the First international conference on COMmunication Systems And NETworks
Hi-index | 0.00 |
Several overlay-based solutions have been proposed to protect network servers from DoS/DDoS attacks. The common objective in the existing solutions is to prevent the attacking traffic from reaching the servers by hiding the location of target server computers. The recent evolutions in DDoS attacks, especially in the increase in the number of bots involved in a DDoS attack and in the degree of control such bots have to the hijacked host computers, cause serious threats to the overlay-based solutions. We designed and assessed the potential of the new overlay-based security architecture that addresses the recent evolutions in DDoS attacks. The new security architecture, called "Dynamic Binary User-Splits (DBUS)", is designed to protect cloud servers (a) when their legitimate users convert to DoS/DDoS attackers or (b) when DDoS attacks are launched from the legitimate users' host computers that are hijacked by DDoS coordinators. DBUS copes with the situations by sieving attacking traffic from the hijacked legitimate users' host computers using dynamic binary user splits over the migrating entry points to an overlay network. Our discrete event driven simulation suggested that DBUS will efficiently sieve DDoS attacking hosts in many different situations, when a small number of attacking hosts hide behind a large legitimate user group, or when a stampede of DDoS attacking hosts occupy the majority of incoming traffic, without requiring a large number of migrating entry points. We also found that how quickly each migrating entry point can detect excess traffic is a key to keep convergence delay short.