Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks
Distributed Denial of Service (DDoS) attacks are currently major threats to communication in the Internet. A secure overlay services (SOS) architecture has been proposed to provide reliable communication between clients and a target under DDoS attacks. The SOS architecture employs a set of overlay nodes arranged in three hierarchical layers that controls access to the target. Although the architecture is novel and works well under simple congestion based attacks, we observe that it is vulnerable under more intelligent attacks. We generalize the SOS architecture by introducing more flexibility in layering to the original architecture. We define two intelligent DDoS attack models and develop an analytical approach to study the impacts of the number of layers, number of neighbors per node and thenode distribution per layer on the system performance under these two attack models. Our data clearly demonstrate that performance is indeed sensitive to the design features and the different design features interact with each other to impact overall system performance.
D. Xuan et al., "Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks," Proceedings of the 24th International Conference on Distributed Computing Systems, Institute of Electrical and Electronics Engineers (IEEE) Computer Society, Mar 2004.
Keywords and Phrases
Intelligent DDoS Attacks; SOS Architecture; Secure Overlay Services
Article - Conference proceedings
© 2004 Institute of Electrical and Electronics Engineers (IEEE) Computer Society, All rights reserved.
01 Mar 2004