Ricardo Macedo, A. Santos, Y. Ghamri-Doudane, M. N. Lima
{"title":"一种通过重组来缓解IdM系统中DDoS攻击的方案","authors":"Ricardo Macedo, A. Santos, Y. Ghamri-Doudane, M. N. Lima","doi":"10.1109/NOMS.2016.7502825","DOIUrl":null,"url":null,"abstract":"Identity management (IdM) systems employ Identity Providers (IdPs), as guardians of users' critical information. However, Distributed Denial-of-Service (DDoS) attacks can make IdPs operations unavailable, compromising legitimate users. In the literature, the main countermeasures against DDoS attacks are based on either the application of external resources to extend the system lifetime (replication) or on the DDoS attacks detection. The first approach increases the solutions cost, and in general the second one is prone to high rates of false negatives and/or false positives. This work presents SAMOS, a first scheme to mitigate DDoS attacks in IdM systems through a novel approach: organizations of IdP clustering using optimization techniques. SAMOS is started based on the monitoring of processing and memory resources, differently from the solutions in the literature that are started based on the attack detection by the network traffic analysis. SAMOS minimizes the DDoS attacks effects using operational IdPs in the system, differently from the works that employ external computer resources. Results considering data from real IdM systems indicate the scheme viability.","PeriodicalId":344879,"journal":{"name":"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"A scheme for DDoS attacks mitigation in IdM systems through reorganizations\",\"authors\":\"Ricardo Macedo, A. Santos, Y. Ghamri-Doudane, M. N. Lima\",\"doi\":\"10.1109/NOMS.2016.7502825\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Identity management (IdM) systems employ Identity Providers (IdPs), as guardians of users' critical information. However, Distributed Denial-of-Service (DDoS) attacks can make IdPs operations unavailable, compromising legitimate users. In the literature, the main countermeasures against DDoS attacks are based on either the application of external resources to extend the system lifetime (replication) or on the DDoS attacks detection. The first approach increases the solutions cost, and in general the second one is prone to high rates of false negatives and/or false positives. This work presents SAMOS, a first scheme to mitigate DDoS attacks in IdM systems through a novel approach: organizations of IdP clustering using optimization techniques. SAMOS is started based on the monitoring of processing and memory resources, differently from the solutions in the literature that are started based on the attack detection by the network traffic analysis. SAMOS minimizes the DDoS attacks effects using operational IdPs in the system, differently from the works that employ external computer resources. Results considering data from real IdM systems indicate the scheme viability.\",\"PeriodicalId\":344879,\"journal\":{\"name\":\"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium\",\"volume\":\"20 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-04-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NOMS.2016.7502825\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NOMS.2016.7502825","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A scheme for DDoS attacks mitigation in IdM systems through reorganizations
Identity management (IdM) systems employ Identity Providers (IdPs), as guardians of users' critical information. However, Distributed Denial-of-Service (DDoS) attacks can make IdPs operations unavailable, compromising legitimate users. In the literature, the main countermeasures against DDoS attacks are based on either the application of external resources to extend the system lifetime (replication) or on the DDoS attacks detection. The first approach increases the solutions cost, and in general the second one is prone to high rates of false negatives and/or false positives. This work presents SAMOS, a first scheme to mitigate DDoS attacks in IdM systems through a novel approach: organizations of IdP clustering using optimization techniques. SAMOS is started based on the monitoring of processing and memory resources, differently from the solutions in the literature that are started based on the attack detection by the network traffic analysis. SAMOS minimizes the DDoS attacks effects using operational IdPs in the system, differently from the works that employ external computer resources. Results considering data from real IdM systems indicate the scheme viability.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
