On the Effectiveness of Secure Overlay Forwarding Systems under Intelligent Distributed DoS Attacks
IEEE Transactions on Parallel and Distributed Systems
Scheme of defending against DDoS attacks in large-scale ISP networks
NPC'07 Proceedings of the 2007 IFIP international conference on Network and parallel computing
Hi-index | 0.00 |
Distributed denial of service (DDoS) is a major threat tothe availability of Internet services. The anonymity allowedby IP networking, together with the distributed, large scalenature of the Internet, makes DDoS attacks stealthy anddifficult to counter. As various attack tools become widelyavailable and require minimum knowledge to operate, automatedanti-DDoS systems are increasingly important. Thispaper studies the problem of providing an anti-DoS service(called AID) for general-purpose TCP-based publicservers. We design a random peer-to-peer (RP2P) networkthat connects the registered client networks with the registeredservers. RP2P is easy to manage and its longest pathlength is just three hops. The AID service ensures that theregistered client networks can always access the registeredservers even when they are under DoS attacks. It creates thefinancial incentive for commercial companies to provide theservice, and meets the need for enterprises without the expertiseto outsource their anti-DoS operations.