Hierarchical Defense Structure for Mitigating DoS Attacks

Document type: Conference Papers
Peer reviewed: Yes
Author(s): Henric Johnson, Babar Qaisrani, Markus Fiedler, Felix Wu, Arne A. Nilsson
Title: Hierarchical Defense Structure for Mitigating DoS Attacks
Conference name: 5th International Conference on Networking
Year: 2006
Pagination: 83-92
ISBN: 0-7695-2552-0
Publisher: IEEE
Organization: Blekinge Institute of Technology
Department: School of Engineering - Dept. of Telecommunication Systems (Sektionen för teknik – avd. för telekommunikationssystem)
School of Engineering S- 372 25 Ronneby
+46 455 38 50 00
Authors e-mail: hjo@bth.se, bqa@bth.s, mfi@bth.se, wu@cs.ucdavis.edu, ano@bth.se
Language: English
Abstract: This paper provides the contribution of mitigating a Denial-of-Service (DoS) attack via a developed hierarchical defense structure with
proactive functionality. An important aspect is the tradeoff between performance and security. This novel hierarchical architecture is presented with lightweight authentication protocols acting as a classifier to deny access to harmful traffic. An empirical test of the proposed structure has been performed and results are reported which display the capability of the structure to filter and separate the attack traffic before reaching the target of an IPSec gateway.
Thus, the filtering of traffic is performed without being the target itself for new resource exhaustion attacks.
The considered IPSec environment is based on IPSec gateways for the low-end market, i.e., for small businesses or private networks.
Subject: Telecommunications\Network Security