Dealing with Denial-of-Service Attacks in Active and Programmable Infrastructures
نویسنده
چکیده
Denial of Service (DoS) attacks is a well-known problem with victims even among prestigious commercial sites. Such attacks in traditional networking are difficult to recognize and to handle. An active infrastructure that can dynamically respond to event-triggered requests can deal better with recognition and handling of DoS attacks. We present here a DoS attack response system architecture and we demonstrate via an application scenario its dynamicity and flexibility in dealing with this kind of attacks. The approach is based on agent-enabled active programmable infrastructures and makes heavy use of the mobile agent technology in order to asynchronously respond to critical situations. Finally we comment on the pros and cons of our approach and discuss future directions that could be followed.
منابع مشابه
Detecting Denial of Service Message Flooding Attacks in SIP based Services
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based infra...
متن کاملHF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creation of network of bots, they launch several attacks, distributed denial of service attacks (DDoS) on networks is a sample of such attacks. Such attacks with the occupation of system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
متن کاملSecurity in Programmable Netword Infrastructures: The Integration of Network and Application Solutions
Programming the network infrastructure significantly enhances its flexibility and favors fast deployment of new protocols, but also introduces serious security risks. It is crucial to protect the whole distributed infrastructure, especially its availability in case of denial-of-service attacks. A security framework for programmable networks may provide security solutions at different levels of ...
متن کاملSecure Quality of Service Handling: SQoSH
Proposals for programmable network infrastructures, such as active networks and open signaling, provide programmers with access to network resources and data structures. The motivation for providing these interfaces is accelerated introduction of new services, but exposure of the interfaces introduces many new security risks. The risks can be reduced or eliminated via appropriate restrictions o...
متن کاملNeural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
متن کامل