OverDoSe: A Generic DDoS Protection Service Using an Overlay Network
Abstract
We present the design and implementation of OverDoSe, an overlay network offering generic DDoS protection for targeted sites. OverDoSe clients and servers are isolated at the IP level. Overlay nodes route packets between a client and a server, and regulate traffic according to the server’s instructions. Through the use of light-weight security primitives, OverDoSe achieves resilience against compromised overlay nodes with a minimal performance overhead. OverDoSe can be deployed by a single ISP who wishes to offer DDoS protection as a value-adding service to its customers.
Similar resources
Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
A Proactive Distributed Denial of Service Protection Framework
Securing communication networks against distributed denial of service attacks (DDoS) is still one of the most challenging network security issues. We propose a framework to protect network routers and hosts against resource starvation caused by DDoS attacks. We pro-actively build overlay groups of neighboring enhanced routers according to current traffic patterns. During ongoing attacks, the fr...
Countering DDoS Attacks with Multi-Path Overlay Networks
Distributed Denial of Service (DDoS) has emerged as a major threat to the operation of online network services [1, 2, 3]. Current forms of DDoS attacks implicate multiple groups of Internet machines that have been taken over and controlled by an attacker. These machines, called bots, are manipulated by the attacker to produce an excessive surge of traffic toward a target server, the victim. Th...
DDoS Attack Detection Using Cooperative Overlay Networks and Gossip Protocol
DDoS attacks have major impact on the affected networks viz. packet transmission delays, network outage, website sabotage, financial losses, legitimate-user blockage and reputation damage. Existing DDoS detection techniques are either implemented at the victim node (but the damage is already done) or at many intermediate routers which run DDoS detection algorithms, that adds additional delay an...
Cooperative Defence Against DDoS Attacks
Distributed denial of service (DDoS) attacks on the Internet have become an immediate problem. As DDoS streams do not have common characteristics, currently available intrusion detection systems (IDS) cannot detect them accurately. As a result, defending against DDoS attacks based on currently available IDS will dramatically affect legitimate traffic. In this paper, we propose a distributed approach to defe...
Publication date: 2006