S. Khattab, Chatree Sangpachatanaruk, D. Mossé, R. Melhem, T. Znati
{"title":"用于减轻服务级拒绝服务攻击的漫游蜜罐","authors":"S. Khattab, Chatree Sangpachatanaruk, D. Mossé, R. Melhem, T. Znati","doi":"10.1109/ICDCS.2004.1281598","DOIUrl":null,"url":null,"abstract":"Honeypots have been proposed to act as traps for malicious attackers. However, because of their deployment at fixed (thus detectable) locations and on machines other than the ones they are supposed to protect, honeypots can be avoided by sophisticated attacks. We propose roaming honeypots, a mechanism that allows the locations of honeypots to be unpredictable, continuously changing, and disguised within a server pool. A (continuously changing) subset of the servers is active and providing service, while the rest of the server pool is idle and acting as honeypots. We utilize our roaming honeypots scheme to mitigate the effects of service-level DoS attacks, in which many attack machines acquire service from a victim server at a high rate, against back-end servers of private services. The roaming honeypots scheme detects and filters attack traffic from outside a firewall (external attacks), and also mitigates attacks from behind a firewall (internal attacks) by dropping all connections when a server switches from acting as a honeypot into being active. Through ns-2 simulations, we show the effectiveness of our roaming honeypots scheme. In particular, against external attacks, our roaming honeypots scheme provides service response time that is independent of attack load for a fixed number of attack machines.","PeriodicalId":348300,"journal":{"name":"24th International Conference on Distributed Computing Systems, 2004. Proceedings.","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2004-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"85","resultStr":"{\"title\":\"Roaming honeypots for mitigating service-level denial-of-service attacks\",\"authors\":\"S. Khattab, Chatree Sangpachatanaruk, D. Mossé, R. Melhem, T. Znati\",\"doi\":\"10.1109/ICDCS.2004.1281598\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Honeypots have been proposed to act as traps for malicious attackers. However, because of their deployment at fixed (thus detectable) locations and on machines other than the ones they are supposed to protect, honeypots can be avoided by sophisticated attacks. We propose roaming honeypots, a mechanism that allows the locations of honeypots to be unpredictable, continuously changing, and disguised within a server pool. A (continuously changing) subset of the servers is active and providing service, while the rest of the server pool is idle and acting as honeypots. We utilize our roaming honeypots scheme to mitigate the effects of service-level DoS attacks, in which many attack machines acquire service from a victim server at a high rate, against back-end servers of private services. The roaming honeypots scheme detects and filters attack traffic from outside a firewall (external attacks), and also mitigates attacks from behind a firewall (internal attacks) by dropping all connections when a server switches from acting as a honeypot into being active. Through ns-2 simulations, we show the effectiveness of our roaming honeypots scheme. In particular, against external attacks, our roaming honeypots scheme provides service response time that is independent of attack load for a fixed number of attack machines.\",\"PeriodicalId\":348300,\"journal\":{\"name\":\"24th International Conference on Distributed Computing Systems, 2004. Proceedings.\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2004-03-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"85\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"24th International Conference on Distributed Computing Systems, 2004. Proceedings.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICDCS.2004.1281598\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"24th International Conference on Distributed Computing Systems, 2004. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDCS.2004.1281598","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Roaming honeypots for mitigating service-level denial-of-service attacks
Honeypots have been proposed to act as traps for malicious attackers. However, because of their deployment at fixed (thus detectable) locations and on machines other than the ones they are supposed to protect, honeypots can be avoided by sophisticated attacks. We propose roaming honeypots, a mechanism that allows the locations of honeypots to be unpredictable, continuously changing, and disguised within a server pool. A (continuously changing) subset of the servers is active and providing service, while the rest of the server pool is idle and acting as honeypots. We utilize our roaming honeypots scheme to mitigate the effects of service-level DoS attacks, in which many attack machines acquire service from a victim server at a high rate, against back-end servers of private services. The roaming honeypots scheme detects and filters attack traffic from outside a firewall (external attacks), and also mitigates attacks from behind a firewall (internal attacks) by dropping all connections when a server switches from acting as a honeypot into being active. Through ns-2 simulations, we show the effectiveness of our roaming honeypots scheme. In particular, against external attacks, our roaming honeypots scheme provides service response time that is independent of attack load for a fixed number of attack machines.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
