Overlay Based, Distributed Defense-Framework against DDoS Attacks (インターネットアーキテクチャ)

概要

論文の詳細を見る
The World Wide Web plays vital roles in our daily lives. But cyber-attackers abuse this vitality by threatening web servers. DDoS attacks (distributed denial of service) remain as one of the major threats for web servers despite of the continuous protection efforts. Recently, high level DDoS attacks (targeting the application level) could successfully affect several high profile web services. A defense framework that can stop all levels of DDoS attacks is required. High level DDoS attack traffic can't be easily detected, since the request comes from a real host and asks for a real resource from the server's application. In this paper, possible high level attack scenarios are classified into; preventable, detectable, and non-detectable. Afterwards, our previously proposed overlay based, distributed defense-framework against DDoS Attacks is presented. The proposed framework is capable of preventing low level attacks from affecting the server. Additional countermeasures are also introduced that can help eliminate a large portion of the possible high level attack strategies. Preliminary tests on the implemented prototype under high level attacks show that the new AN countermeasures serves as a practical response mechanism to the detectable category, besides its facilitating their detection. Even for the non-detectable attacks class, the introduced countermeasures throttles down the attackers' achievable rate given the same resources thus raise the bar on them.
2011-12-08

Overlay Based, Distributed Defense-Framework against DDoS Attacks (インターネットアーキテクチャ)

スポンサーリンク

概要

著者

関連論文

スポンサーリンク