Title :
A Deployable Architecture against Application-level DDoS Attacks
Author :
Chen, Xiaolin ; Deng, Hui ; Wang, Feng ; Mu, Mu ; Lu, Sanglu
Author_Institution :
Comput. Sci. Dept., Chuxiong Normal Univ.
Abstract :
In application-level DDoS attacks, attackers mimic legitimate client behavior by sending proper-looking requests via bots. The previous DDoS solutions focus on bandwidth flooding attacks, and have encountered significant difficulty in deployment. This paper presents a deployable architecture that counts the application-level DDoS attacks against Web servers by combining overlay and IP anycast. In this architecture, when a protected Web server is under attacks, the traffic to the server will be redirected to an overlay via IP anycast. The overlay nodes provide effective protection to the server by the distributed filter, the distributed traffic control, and also by building a temporary collaborative edge Web cache. We demonstrate that this novel architecture has strong incentives to deploy and is able to be deployed by a single ISP without any modifications to implementation of routers and end host. We then discuss its properties and design challenges.
Keywords :
IP networks; Internet; cache storage; client-server systems; telecommunication congestion control; telecommunication security; IP anycast; Web server; application-level denial-of-service attack; client-server system; deployable architecture; distributed filter; distributed traffic control; overlay node; temporary collaborative edge Web cache; Bandwidth; Buildings; Computer crime; Floods; Information filtering; Information filters; Protection; Service oriented architecture; Traffic control; Web server; DDoS; IP anycast; overlay network; web cache;
Conference_Titel :
Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for
Conference_Location :
Hunan
Print_ISBN :
978-0-7695-3398-8
Electronic_ISBN :
978-0-7695-3398-8
DOI :
10.1109/ICYCS.2008.509
