Swing - A Novel Mechanism Inspired by Shim6 Address-Switch Conception to Limit the Effectiveness of DoS Attacks

Denial-of-Service (DoS) attacks play a significant role among all the network security issues today. In this paper, we present a mechanism (called Swing) to limit the effectiveness of DoS attacks. Inspired by the address-switch conception of the newly proposed shim6 protocol, Swing tries to protect servers from attacks by using a new strategy. In the mechanism, when a DoS attack is detected, the server will automatically change its address to get rid of the attack. Meanwhile, existing connections from normal clients will be kept using an address-switch protocol like shim6. A p2p network is included in the mechanism to help clients establish new connections to the server under attack situations, and side equipments are deployed near the server to monitor and reshape the network flow. This mechanism suggests a new kind of strategy to defend DoS attacks, and provides a resilient and effective solution.