Title :
An enhanced SOS architecture for DDoS attack defense using active network technology
Author :
In, Chi-Hyung ; Hong, Choong Seon ; Wei, Jiang ; Okamura, Koji
Abstract :
After a long time study of DDoS attack, we find that the secure overlay services (SOS) architecture is one of the best ways to protect our service. There is no other reason but the ability to provide reliable communication between authorized clients and a protected target under on-going DDoS attacks. The SOS architecture defines a set of overlay nodes, arranged in four function groups, that controls access to the protected target. Although, the architecture is novel and works well under simple congestion based attacks, we observe that when the attacker uses the same malicious traffic raid on the SOS nodes with some kind of sleight, the SOS system cannot respond to this kind of trick and somehow it has already threatened the reliability of the SOS. We propose a scheme to enhance the SOS against intelligent DDoS attacks, both from the mechanisms and the detection algorithm.
Keywords :
Internet; security of data; telecommunication security; telecommunication services; DDoS attack defense; Internet; active network technology; authorized clients; congestion based attacks; distributed denial of service attacks; enhanced secure overlay services architecture; function groups; overlay nodes; protected target; reliable communication; Availability; Bidirectional control; Communication system control; Computer crime; Detection algorithms; Microwave integrated circuits; Peer to peer computing; Protection; Simple object access protocol; Telecommunication traffic;
Conference_Titel :
Telecommunications, 2005. advanced industrial conference on telecommunications/service assurance with partial and intermittent resources conference/e-learning on telecommunications workshop. aict/sapir/elete 2005. proceedings
Print_ISBN :
0-7695-2388-9
DOI :
10.1109/AICT.2005.22
