Article code: 447829
Journal code: 693493
Publication year: 2014
English article: 12-page PDF
Full-text version: Free download
English title of the ISI article
A moving target DDoS defense mechanism
Related topics
Engineering and Basic Sciences > Computer Engineering > Computer Networks and Communications
English abstract


• We design a moving target mechanism to defend against Internet service DDoS attacks.
• We propose a shuffling model to segregate innocent clients from malicious insiders.
• A greedy algorithm is designed to accelerate the segregation of insiders.
• The greedy algorithm enables defenders to plan defense resources to meet QoS goals.

In this paper, we introduce a moving target defense mechanism that defends authenticated clients against Internet service DDoS attacks. Our mechanism employs a group of dynamic, hidden proxies to relay traffic between authenticated clients and servers. By continuously replacing attacked proxies with backup proxies and reassigning (shuffling) the attacked clients onto the new proxies, innocent clients are segregated from malicious insiders through a series of shuffles. To accelerate the process of insider segregation, we designed an efficient greedy algorithm which is proven to have near optimal empirical performance. In addition, the insider quarantine capability of this greedy algorithm is studied and quantified to enable defenders to estimate the resource required to defend against DDoS attacks and meet defined QoS levels under various attack scenarios. Simulations were then performed which confirmed the theoretical results and showed that our mechanism is effective in mitigating the effects of a DDoS attack. The simulations also demonstrated that the overhead introduced by the shuffling procedure is low.

Publisher
Database: Elsevier - ScienceDirect
Journal: Computer Communications - Volume 46, 15 June 2014, Pages 10–21