Design and analysis of a replicated elusive server scheme for mitigating denial of service attacks
作者: Chatree Sangpachatanaruk , Sherif M. Khattab , Taieb Znati , Rami Melhem , Daniel Mossé
DOI: 10.1016/J.JSS.2003.09.012
关键词: Replication (computing) 、 Quality of service 、 Server 、 Computer security 、 Service (systems architecture) 、 Denial-of-service attack 、 Scheme (programming language) 、 Roaming 、 Computer science 、 Computer network
摘要: The paper proposes a scheme, referred to as proactive server roaming, mitigate the effects of denial service (DOS) attacks. scheme is based on concept "replicated elusive service", which through causes physically migrate from one physical location another. Furthermore, proactiveness makes it difficult for attackers guess when or where servers roam. combined effect replication and roaming resilient DoS attacks, thereby ensuring high-level quality service. describes basic components discusses simulation study assess performance different types details NS2-based design implementation strategy attacks are provided, along with thorough discussion analysis results.
elsevier.com
sci-hub.se 参考文章(29)
Ari Juels, John G. Brainard, Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks. network and distributed system security symposium. ,(1999)
D. Mankins, R. Krishnan, C. Boyd, J. Zao, M. Frentz, Mitigating distributed denial of service attacks with dynamic resource pricing annual computer security applications conference. pp. 411- 421 ,(2001) , 10.1109/ACSAC.2001.991558
Hari Balakrishnan, Alex C. Snoeren, David G. Andersen, Fine-grained failover using connection migration usenix symposium on internet technologies and systems. pp. 19- 19 ,(2001)
Stefan Axelsson, Intrusion Detection Systems: A Survey and Taxonomy ,(2002)
Noam Nisan, Oded Goldreich, Leonid A. Levin, On Constructing 1-1 One-Way Functions Electronic Colloquium on Computational Complexity. ,vol. 2, ,(1995)
D. Senie, P. Ferguson, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing RFC 2827-BCP 38. ,vol. 2267, pp. 1- 10 ,(1998)
Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson, Practical network support for IP traceback acm special interest group on data communication. ,vol. 30, pp. 295- 306 ,(2000) , 10.1145/347057.347560
Z. Wang, M. Carlson, W. Weiss, D. Black, S. Blake, E. Davies, An Architecture for Differentiated Service RFC 2475. ,vol. 2475, pp. 1- 36 ,(1998)
José Brustoloni, Protecting electronic commerce from distributed denial-of-service attacks the web conference. pp. 553- 561 ,(2002) , 10.1145/511446.511518
Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J. D. Tygar, SPINS Proceedings of the 7th annual international conference on Mobile computing and networking - MobiCom '01. pp. 189- 199 ,(2001) , 10.1145/381677.381696