Mitigating Denial Of Services Using Secure Overlay Service Model

Denial of service (DoS) and Distributed Denial of Service (DDoS) attacks continue to threaten the reliability of networking systems. Previous approaches for protecting networks from DoS attacks are reactive in that they wait for an attack to be launched before taking appropriate measures to protect the network. This leaves the door open for other attacks that use more sophisticated methods to mask their traffic. A secure overlay services (SOS) architecture has been proposed to provide reliable communication between clients and a target under DoS attacks. The SOS architecture employs a set of overlay nodes arranged in three hierarchical layers that controls access to the target. We propose an architecture called secure overlay services (SOS) that proactively prevents denial of service (DoS) attacks, which works toward supporting emergency services, or similar types of communication. The architecture uses a combination of secure overlay tunneling, routing via consistent hashing, and filtering. We reduce the probability of successful attacks by: 1) performing intensive filtering near protected network edges, pushing the attack point into the core of the network, where high-speed routers can handle the volume of attack traffic and 2) introducing randomness and anonymity into the forwarding architecture, making it difficult for an attacker to target nodes along the path to a specific SOSprotected destination. Using simple analytical models, we evaluate the likelihood that an attacker can successfully launch a DoS attack against an SOS protected network. Our analysis demonstrates that such an architecture reduces the likelihood of a successful attack to minuscule levels.