Rebound Wall: A Novel Technology against DoS Attacks
Volume 5, Number 1, January 2009 - Paper 5 - pp. 55 - 70
YUAN-SHUN DAI¹, XUEPING LI¹, XUKAI ZOU³, LIUDONG XING⁴
¹Department of Industrial & Information Engineering, University of Tennessee, USA
²Department of Electrical Engineering & Computer Science, Univ. of Tennessee, USA
³Department of Computer & Information Science, Purdue University, Indianapolis, USA
⁴Dept. of Electrical & Computer Engineering, Univ. of Massachusetts, Dartmouth, USA
(Received on December 19, 2007, revision available on November 25, 2008)
DoS/DDoS attacks have become one of the most critical security problems in today's network systems: they are easy for hackers to launch but hard for victims to defend against. This paper presents a novel and robust mechanism, named Rebound Wall, which proves very effective at protecting a victim server from DoS attacks and is easy to deploy in practice. The rebound wall comprises available machines in the LAN, surrounding the core server. Unlike existing DoS defense techniques, which rely heavily on marking and/or filtering, the rebound wall utilizes roaming crypt-doors. Valid requests can only go through a designated entrance to the server. These entrance machines roam over the rebound wall, so that hackers cannot find the target to launch effective attacks. Several other new technologies and protocols needed to furnish the rebound wall technology are also presented in this paper, including Floating Entrance, Entrance Switch, User-end Authentication, Entrance-based Privilege Control, and Traceback. A survivability model based on a continuous-time Markov chain (CTMC) is further built for the rebound wall. A rebound wall was implemented in practice. Both experimental data and analytical results validated the effectiveness, efficiency, and robustness of the rebound wall technology. We finally compare the rebound wall with other related and advanced technologies against DoS/DDoS.