Deployable Overlay Network for Defense against Distributed SYN Flood Attacks

Yuichi OHSITA  Shingo ATA  Masayuki MURATA  

Publication
IEICE TRANSACTIONS on Communications   Vol.E91-B   No.8   pp.2618-2630
Publication Date: 2008/08/01
Online ISSN: 1745-1345
DOI: 10.1093/ietcom/e91-b.8.2618
Print ISSN: 0916-8516
Type of Manuscript: PAPER
Category: Internet
Keyword: 
distributed denial of service (DDoS),  SYN flood,  overlay network,  TCP proxy,  

Full Text: PDF(1.1MB)>>
Buy this Article




Summary: 
Distributed denial-of-service attacks on public servers have recently become more serious. Most of them are SYN flood attacks, since the malicious attackers can easily exploit the TCP specification to generate traffic making public servers unavailable. We need a defense method which can protect legitimate traffic so that end users can connect the target servers during such attacks. In this paper, we propose a new framework, in which all of the TCP connections to the victim servers from a domain are maintained at the gateways of the domain (i.e., near the clients). We call the nodes maintaining the TCP connection defense nodes. The defense nodes check whether arriving packets are legitimate or not by maintaining the TCP connection. That is, the defense nodes delegate reply packets to the received connection request packets and identify the legitimate packets by checking whether the clients reply to the reply packets. Then, only identified traffic are relayed via overlay networks. As a result, by deploying the defense nodes at the gateways of a domain, the legitimate packets from the domain are relayed apart from other packets including attack packets and protected. Our simulation results show that our method can protect legitimate traffic from the domain deploying our method. We also describe the deployment scenario of our defense mechanism.