A simulation study of the proactive server roaming for mitigating denial of service attacks
- 27 August 2003
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
The main goal of the NETSEC project is to design and implement a framework for mitigating the effects of the node-based and link-based denial of service (DoS) attacks. Our strategy employs three lines of defense. The first line of defense is to restrict the access to the defended services using offline service subscription, encryption and other traditional security techniques. The second line of defense is server roaming, by which we mean the migration of the service from one server to another, where the new server has a different IP address. Finally, each server and firewall(s) implement resource management schemes as a third line of defense. For example, deploying separate input queues to allocate different classes of service requests. We show our simulation study on the second line of defense, the server roaming. The design and procedure of the sever roaming on the NS2 is described. The promising results of applying the server roaming to mitigate the DoS attack in the simulation are also shown with analysis.Keywords
This publication has 4 references indexed in Scilit:
- Migratory TCP: connection migration for service continuity in the InternetPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- Distributed denial of service attacksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2002
- Analysis of a denial of service attack on TCPPublished by Institute of Electrical and Electronics Engineers (IEEE) ,1997
- How to construct random functionsJournal of the ACM, 1986