Design and analysis of a replicated elusive server scheme for mitigating denial of service attacks

Authors:
Chatree Sangpachatanaruk;Sherif M. Khattab;Taieb Znati;Rami Melhem;Daniel Mossé
Affiliations:
Department of Information Science and Telecommunication, University of Pittsburgh, Pittsburgh, PA;Department of Computer Science and Telecommunication, University of Pittsburgh, Sennott Square, Pittsburgh, PA;Department of Information Science and Telecommunication, University of Pittsburgh, Pittsburgh, PA and Department of Computer Science and Telecommunication, University of Pittsburgh, Sennott Square ...;Department of Computer Science and Telecommunication, University of Pittsburgh, Sennott Square, Pittsburgh, PA;Department of Computer Science and Telecommunication, University of Pittsburgh, Sennott Square, Pittsburgh, PA
Venue:
Journal of Systems and Software - Special issue: Performance modeling and analysis of computer systems and networks
Year:
2004

Citing 17
Cited 2

How to construct random functions

Journal of the ACM (JACM)
Secure group communications using key graphs

Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
Defending against denial of service attacks in Scout

OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
SPINS: security protocols for sensor networks

Proceedings of the 7th annual international conference on Mobile computing and networking
Hash-based IP traceback

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Resilient overlay networks

SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
An analysis of using reflectors for distributed denial-of-service attacks

ACM SIGCOMM Computer Communication Review
Protecting electronic commerce from distributed denial-of-service attacks

Proceedings of the 11th international conference on World Wide Web
SOS: secure overlay services

Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
A Simulation Study of the Proactive Server Roaming for Mitigating Denial of Service Attacks

ANSS '03 Proceedings of the 36th annual symposium on Simulation
Partitionable Services: A Framework for Seamlessly Adapting Distributed Applications to Heterogeneous Environments

HPDC '02 Proceedings of the 11th IEEE International Symposium on High Performance Distributed Computing
Migratory TCP: Connection Migration for Service Continuity in the Internet

ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Fine-grained failover using connection migration

USITS'01 Proceedings of the 3rd conference on USENIX Symposium on Internet Technologies and Systems - Volume 3

Design and Analysis of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID Environments

ANSS '06 Proceedings of the 39th annual Symposium on Simulation
On the Design and Performance of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID and Collaborative Workflow Environments

Simulation

Quantified Score

Hi-index	0.00

Visualization

Abstract

The paper proposes a scheme, referred to as proactive server roaming, to mitigate the effects of denial of service (DOS) attacks. The scheme is based on the concept of "replicated elusive service", which through server roaming, causes the service to physically migrate from one physical location to another. Furthermore, the proactiveness of the scheme makes it difficult for attackers to guess when or where servers roam. The combined effect of elusive service replication and proactive roaming makes the scheme resilient to DoS attacks, thereby ensuring a high-level of quality of service. The paper describes the basic components of the scheme and discusses a simulation study to assess the performance of the scheme for different types of DoS attacks. The details of the NS2-based design and implementation of the server roaming strategy to mitigate the DoS attacks are provided, along with a thorough discussion and analysis of the simulation results.