Numerical Evaluation of Cloud-Side Shuffling Defenses against DDoS Attacks on Proxied Multiserver Systems
We consider a multiserver system, which may be cloud based,
consisting of a set of replica application servers behind a set of proxy
(indirection) servers which interact directly with clients over the Internet.
We address cloud-side proactive and reactive defenses to combat DDoS attacks
that may target this system. DDoS attacks are endemic with some notable attacks
occurring just this past fall. Volumetric attacks may target proxies while "low
volume" attacks may target replicas. After reviewing existing and proposed
defenses, such as changing proxy IP addresses (a "moving target" technique to
combat the reconnaissance phase of the botnet) and fission of overloaded
servers, we focus on evaluation of defenses based on shuffling client-to-server
assignments that can be both proactive and reactive to a DDoS attack. Our
evaluations are based on a binomial distribution model that agrees well with
simulations and preliminary experiments on a prototype that is also described