An Analysis of Using Overlay Networks to Resist Distributed Denial-of-Service Attacks

Proxy networks based on overlays have been proposed as an architecture to protect Internet applications against denial-of-service attacks, however we know of no formal analysis of such schemes' effectiveness. We describe a framework to analyze a class of these proxy network architectures. Based on an attack model and a system model, we analytically characterize how attacks affect two key factors of such schemes: resource availability and secrecy of applications' locations. Our analytical models are applied to determine appropriate policies for resource recovery and system reconfiguration. Our conclusions show that: 1) intrusion detection-triggered recovery strategy is insufficient to avoid resource depletion, 2) true-positive rates of intrusion detectors have more impact on resource availability than detection speed, 3) simple reconfiguration approaches, such as random proxy migration, can effectively prevent attackers from discovering applications' locations, 4) overlay network topology is critical; richly-connected topologies may reduce a proxy network's effectiveness in resisting attacks.