Title :
Protecting content distribution networks from denial of service attacks
Author :
Lee, Kang-Won ; Chari, Suresh ; Shaikh, Anees ; Sahu, Sambit ; Cheng, Pau-Chen
Author_Institution :
IBM T. J. Watson Res. Center, Hawthorne, NY, USA
Abstract :
In this paper, we develop two mechanisms to detect DoS attacks against CDN-hosted Web sites and CDN infrastructure servers. First, we propose a novel request routing algorithm which allows CDN servers to effectively distinguish attacks from legitimate requests. Our scheme, based on a keyed hash function, significantly improves the resilience of servers to DoS attacks. Second, we introduce several site allocation algorithms based on binary codes which insure that an attack on one hosted Web site has a limited impact on other hosted sites. Our scheme guarantees that a specified minimum number of servers remain available for non-victimized sites. Together, the proposed schemes significantly improve the resilience of CDN-hosted Web sites, and complement other work on countering distributed DoS attacks.
Keywords :
Internet; binary codes; cryptography; file organisation; network servers; telecommunication network routing; telecommunication security; CDN infrastructure servers; CDN-hosted Web sites; binary codes; content distribution network protection; keyed hash function; legitimate requests; request routing algorithm; service attacks; site allocation algorithms; Bandwidth; Computer crime; Filtering; Network servers; Protection; Resilience; Routing; Telecommunication traffic; Web and internet services; Web server;
Conference_Titel :
Communications, 2005. ICC 2005. 2005 IEEE International Conference on
Print_ISBN :
0-7803-8938-7
DOI :
10.1109/ICC.2005.1494468
