An enhanced SOS architecture for DDoS attack defense using active network technology

After a long time study of DDoS attack, we find that the secure overlay services (SOS) architecture is one of the best ways to protect our service. There is no other reason but the ability to provide reliable communication between authorized clients and a protected target under on-going DDoS attacks. The SOS architecture defines a set of overlay nodes, arranged in four function groups, that controls access to the protected target. Although, the architecture is novel and works well under simple congestion based attacks, we observe that when the attacker uses the same malicious traffic raid on the SOS nodes with some kind of sleight, the SOS system cannot respond to this kind of trick and somehow it has already threatened the reliability of the SOS. We propose a scheme to enhance the SOS against intelligent DDoS attacks, both from the mechanisms and the detection algorithm.