A Feedback Mechanism for Mitigating Denial of Service Attacks against Differentiated Services Clients
Abstract
Differentiated Service (DiffServ) networks provide Quality of Service (QoS) guarantees by policing traffic into a fixed number of pre-existing classes. DoS attacks against DiffServ clients will be more targeted and require less attack bandwidth than current attacks due to the per-client and per-class bandwidth limitations which must be imposed to ensure QoS guarantees. In this paper, we present a technique for defeating a DoS attack on a DiffServ client through dynamic modification of packet headers. This technique allows the DiffServ network to distinguish valid traffic from malicious traffic, but does not require cryptographic processing on a per-packet basis and does not increase packet size. We also examine the sensitivity of our system to the traffic policer’s token bucket size.
Similar resources
New Approach to Mitigating Distributed Service Flooding Attacks
Distributed denial of service (DDoS) attacks pose a great threat to the Internet and its public services. Various computation-based cryptographic puzzle schemes have been proposed to mitigate DDoS attacks when detection is hard or has low accuracy. Yet, existing puzzle schemes have shortcomings that limit their effectiveness in practice. First, the effectiveness of computation-based puzzles decre...
HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creating a network of bots, they launch several attacks; distributed denial of service (DDoS) attacks on networks are one example of such attacks. Such attacks, by occupying system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks
Application layer DDoS attacks, to which network layer solutions are not applicable as attackers are indistinguishable based on packets or protocols, prevent legitimate users from accessing services. In this paper, we propose Trust Management Helmet (TMH) as a partial solution to this problem, which is a lightweight mitigation mechanism that uses trust to differentiate legitimate users and atta...
Mitigating Denial Of Services Using Secure Overlay Service Model
Denial of service (DoS) and Distributed Denial of Service (DDoS) attacks continue to threaten the reliability of networking systems. Previous approaches for protecting networks from DoS attacks are reactive in that they wait for an attack to be launched before taking appropriate measures to protect the network. This leaves the door open for other attacks that use more sophisticated methods to m...
A moving target DDoS defense mechanism
In this paper, we introduce a moving target defense mechanism that defends authenticated clients against Internet service DDoS attacks. Our mechanism employs a group of dynamic, hidden proxies to relay traffic between authenticated clients and servers. By continuously replacing attacked proxies with backup proxies and reassigning (shuffling) the attacked clients onto the new proxies, innocent c...
Publication date: 2002