Absrrac&We propose a framework based on proactive server roaming to mitigate the of Denial-of-Sewice 00s) ana*. The active sewer proactively changes its location within a pool of sewers to defend against unpredictable and undeteetable attacks. Only legitimate clients can fouow the adve as it mams. We present algorithms that are secure, distributed, randomized, and adaptive for triggering the roaming and determining the next sewer to roam to. We propose some modifications to the state recovery process of existing TCP connection-migration schemes to suit roaming. Preliminary experiments in a FreeBSD network show that the overhead of roaming is smak in of reSDonse time, in the absence of attacks. Further. during an attac< roaming signilicantly improves the response time. Index Terms-Network Security, DOS Attaek Mitigation I
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.