For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Deployable Overlay Network for Defense against Distributed SYN Flood Attacks
Yuichi OHSITA Shingo ATA Masayuki MURATA
IEICE TRANSACTIONS on Communications
Publication Date: 2008/08/01
Online ISSN: 1745-1345
Print ISSN: 0916-8516
Type of Manuscript: PAPER
distributed denial of service (DDoS), SYN flood, overlay network, TCP proxy,
Full Text: PDF(1.1MB)>>
Distributed denial-of-service attacks on public servers have recently become more serious. Most of them are SYN flood attacks, since the malicious attackers can easily exploit the TCP specification to generate traffic making public servers unavailable. We need a defense method which can protect legitimate traffic so that end users can connect the target servers during such attacks. In this paper, we propose a new framework, in which all of the TCP connections to the victim servers from a domain are maintained at the gateways of the domain (i.e., near the clients). We call the nodes maintaining the TCP connection defense nodes. The defense nodes check whether arriving packets are legitimate or not by maintaining the TCP connection. That is, the defense nodes delegate reply packets to the received connection request packets and identify the legitimate packets by checking whether the clients reply to the reply packets. Then, only identified traffic are relayed via overlay networks. As a result, by deploying the defense nodes at the gateways of a domain, the legitimate packets from the domain are relayed apart from other packets including attack packets and protected. Our simulation results show that our method can protect legitimate traffic from the domain deploying our method. We also describe the deployment scenario of our defense mechanism.