Dan Rubenstein's DDoS Prevention Research
Secure Overlay Systems (SOS; also described here) was
designed to proactively thwart DDoS attacks. The fundamental idea was
to use network overlays to route traffic. The server to be
protected would select a subset of overlay nodes from which it would
receive traffic. Traffic from any other source would be dropped. The
key idea was to keep the identities of these nodes secret from the
general public, which includes potential attackers. The overlay would be
used to route packets to these secret nodes, and other overlay nodes would
verify traffic as being legitimate before forwarding it within the
overlay. Hence, the burden of authenticating traffic could be
distributed anywhere within the large-scale network.
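A minimal sketch of the two enforcement points described above (verification inside the overlay, source filtering at the protected server), added here as an illustration and not taken from the SOS papers or code. The HMAC tags, node names, client key and the overlay's private list of secret nodes are assumptions standing in for the authentication and routing mechanisms the papers define.

```python
import hashlib, hmac, random

class Target:
    """Protected server; its filter admits traffic only from its secret nodes."""
    def __init__(self, overlay_nodes, k, rng):
        self.secret_nodes = frozenset(rng.sample(overlay_nodes, k))  # never published
        self.delivered = []

    def receive(self, src, payload):
        if src not in self.secret_nodes:
            return False              # traffic from any other source is dropped
        self.delivered.append(payload)
        return True

class Overlay:
    """Overlay nodes verify traffic, then route it to a secret node."""
    def __init__(self, nodes, client_keys, target, rng):
        self.nodes, self.client_keys = set(nodes), client_keys
        self.target, self._rng = target, rng
        # Assumption: routing state held privately inside the overlay.
        self._secret = sorted(target.secret_nodes)

    def submit(self, entry, client, payload, tag):
        key = self.client_keys.get(client)
        if entry not in self.nodes or key is None:
            return "rejected-at-overlay"
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected-at-overlay"   # unverified traffic never reaches the target
        hop = self._rng.choice(self._secret)
        ok = self.target.receive(hop, payload)
        return "delivered" if ok else "dropped-at-filter"

def demo():
    rng = random.Random(7)                      # constructed, deterministic run
    nodes = [f"n{i}" for i in range(20)]        # constructed overlay membership
    keys = {"alice": b"constructed-demo-key"}   # constructed client credential
    target = Target(nodes, 3, rng)
    overlay = Overlay(nodes, keys, target, rng)
    msg = b"GET /index.html"
    tag = hmac.new(keys["alice"], msg, hashlib.sha256).digest()
    outsider = next(n for n in nodes if n not in target.secret_nodes)
    return {
        "legit": overlay.submit("n4", "alice", msg, tag),
        "forged": overlay.submit("n4", "alice", msg, b"\x00" * 32),
        "direct": target.receive("203.0.113.9", msg),
        "non_secret_node": target.receive(outsider, msg),
        "delivered": len(target.delivered),
    }
```

Note that an overlay member outside the chosen subset is filtered just like an arbitrary Internet source; only the secret nodes are admitted at the target.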
The original idea was formulated and analyzed in [KMR02]; a refined version later appeared in [KMR04]. We also applied and extended SOS for specific
environments, such as web-hosting services [MSCKMR03] (extended in [SCMKMR05]) and electronic payment environments
[SIKMR04].
- [KMR02] Angelos Keromytis, Vishal Misra, and Dan Rubenstein. SOS: Secure overlay services. In Proceedings of ACM Sigcomm, Pittsburgh, PA, September 2002.
- [KMR04] Angelos Keromytis, Vishal Misra, and Dan Rubenstein. SOS: An architecture for mitigating DDoS attacks. IEEE Journal on Selected Areas in Communications (JSAC), special issue on Service Overlay Networks, 22(1), January 2004.
- [MSCKMR03] William G. Morein, Angelos Stavrou, Debra L. Cook, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. Using graphic Turing tests to counter automated DDoS attacks against web servers. In Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS), Washington D.C., October 2003.
- [SCMKMR05] Angelos Stavrou, Debra L. Cook, William G. Morein, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. WebSOS: An overlay-based system for protecting web servers from denial of service attacks. Journal of Communication Networks, 48(5), August 2005.
- [SIKMR04] Angelos Stavrou, John Ioannidis, Angelos D. Keromytis, Vishal Misra, and Dan Rubenstein. A pay-per-use DoS protection mechanism for the web. In Proceedings of the 2nd Applied Cryptography and Network Security (ACNS) Conference, Yellow Mountain, China, June 2004.