Countering DoS attacks with stateless multipath overlays

12 years 11 months ago
Countering DoS attacks with stateless multipath overlays
Indirection-based overlay networks (IONs) are a promising approach for countering distributed denial of service (DDoS) attacks. Such mechanisms are based on the assumption that attackers will attack a fixed and bounded set of overlay nodes causing service disruption to a small fraction of the users. In addition, attackers cannot eavesdrop on links inside the network or otherwise gain information that can help them focus their attacks on overlay nodes that are critical for specific communication flows. We develop an analytical model and a new class of attacks that considers both simple and advanced adversaries. We show that the impact of these simple attacks on IONs can severely disrupt communications. We propose a stateless spread-spectrum paradigm to create perpacket path diversity between each pair of end-nodes using a modified ION access protocol. Our system protects end-to-end communications from DoS attacks without sacrificing strong client authentication or allowing an atta...
Angelos Stavrou, Angelos D. Keromytis
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where CCS
Authors Angelos Stavrou, Angelos D. Keromytis
Comments (0)