Design and Development of Proactive Solutions for Mitigating Denial-of-Service Attacks

摘要

Denial of Service attacks, orchestrated by a single host or multiple hosts in a coordinated manner, has become an increasingly frequent disturbance in today''s Internet. Generally, attackers launch DDoS attacks by directing a massive number of attack sources to send useless traffic to the victim. The victim''s services are disrupted when its host or network resources are occupied by the attack traffic. The threat of DDoS attacks has become even more severe as attackers can compromise a huge number of computers using vulnerabilities in popular operating systems [4]. This paper deals with Denial of service (DoS) and Distributed DoS (DDoS) attacks. In the first part, we categorize existing defense mechanisms, and analyze their strengths and weaknesses. In the second part of our investigation, we develop and evaluate two defense models for DoS attacks: the Secure Overlay Services (SOS) Model and the Server Hopping Model using distributed firewalls. Each of these models provide defense in a different part of the network, and has different resource requirements. In the third part of our investigation, we assess the effectiveness of our defense models for different types of DoS attack.