Mitigating Denial-of-Service Attacks Using Secure Service Overlay Model

  IJETT-book-cover  International Journal of Engineering Trends and Technology (IJETT)          
© 2014 by IJETT Journal
Volume-8 Number-9                          
Year of Publication : 2014
Authors : Shalaka S. Chowriwar , Madhulika S. Mool , Prajyoti P.Sabale , Sneha S.Parpelli , Mr.Nilesh Sambhe


Shalaka S. Chowriwar , Madhulika S. Mool , Prajyoti P.Sabale, Sneha S.Parpelli , Mr.Nilesh Sambhe. "Mitigating Denial-of-Service Attacks Using Secure Service Overlay Model", International Journal of Engineering Trends and Technology(IJETT), V8(9),479-483 February 2014. ISSN:2231-5381. published by seventh sense research group


Denial of service (DoS) and Distributed Denial of Service (DDoS) attacks continue to threaten the reliability of networking systems. Previous approaches for protecting networks from DoS attacks are reactive in that they wait for an attack to be launched before taking appropriate measures to protect the network. This leaves the door open for other attacks that use more sophisticated methods to mask their traffic. A secure overlay services (SOS) architecture has been proposed to provide reliable communication between clients and a target under DoS attacks. The SOS architecture employs a set of overlay nodes arranged in three hierarchical layers that controls access to the target. We propose an architecture called secure overlay services (SOS) that proactively prevents denial of service (DoS) attacks, which works toward supporting emergency services, or similar types of communication. The architecture uses a combination of secure overlay tunneling, routing via consistent hashing, and filtering. We reduce the probability of successful attacks by: 1) performing intensive filtering near protected network edges, pushing the attack point into the core of the network, where high-speed routers can handle the volume of attack traffic and 2) introducing randomness and anonymity into the forwarding architecture, making it difficult for an attacker to target nodes along the path to a specific SOS-protected destination. Using simple analytical models, we evaluate the likelihood that an attacker can successfully launch a DoS attack against an SOS protected network. Our analysis demonstrates that such an architecture reduces the likelihood of a successful attack to minuscule levels.


[1] B. B. Gupta, Student Member, IEEE, R. C. Joshi, and Manoj Misra, Member, IEEE. “Distributed Denial of Service Prevention Techniques”.
[2] Angelos D. Keromytis, Member, IEEE, Vishal Misra, Member, IEEE, Dan Rubenstein, Member, IEEE “SOS: An Architecture For Mitigating DDoS Attacks”
[3] Angelos D. Keromytis_ Vishal Misra Dan Rubenstein Department of Computer Science Department of Electrical Engineering Columbia University New York, NY. “SOS: Secure Overlay Services”.
[4] D. Andersen, H. Balakrishnan, F. Kaashoek, and R. Morris. Resilient Overlay Networks. In Proceedings of the 18th Symposium on Operating Systems Principles (SOSP), October 2001.
[5] S. Blake, D. Black, M. Carlson, E. Davies, Z. Wang, and W. Weiss. An Architecture for Differentiated Services. Technical report, IETF RFC 2475, December 1998.
[6] M. Blaze, J. Feigenbaum, J. Ioannidis, and A. D. Keromytis. The KeyNote Trust Management System Version 2. Internet RFC 2704, September 1999.
[7] M. Blaze, J. Ioannidis, and A. Keromytis. Trust Managent for IPsec. In Proceedings of Network and Distributed System Security Symposium (NDSS), pages 139–151, February 2001.
[8] D. D. Clark. The Design Philosophy of the DARPA Internet Protocols. In Proceedings of ACM SIGCOMM.

Denial-of-Service, ,Distributed Denial-of-Service, SOS-secure overlay service