A moving target defense approach to mitigate DDoS attacks against proxy-based architectures

机译：移动目标防御方法可缓解针对基于代理的体系结构的DDoS攻击

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Distributed Denial of Service attacks against high-profile targets have become more frequent in recent years. In response to such massive attacks, several architectures have adopted proxies to introduce layers of indirection between end users and target services and reduce the impact of a DDoS attack by migrating users to new proxies and shuffling clients across proxies so as to isolate malicious clients. However, the reactive nature of these solutions presents weaknesses that we leveraged to develop a new attack - the proxy harvesting attack - which enables malicious clients to collect information about a large number of proxies before launching a DDoS attack. We show that current solutions are vulnerable to this attack, and propose a moving target defense technique consisting in periodically and proactively replacing one or more proxies and remapping clients to proxies. Our primary goal is to disrupt the attacker's reconnaissance effort. Additionally, to mitigate ongoing attacks, we propose a new client-to-proxy assignment strategy to isolate compromised clients, thereby reducing the impact of attacks. We validate our approach both theoretically and through simulation, and show that the proposed solution can effectively limit the number of proxies an attacker can discover and isolate malicious clients.

机译：近年来，针对知名目标的分布式拒绝服务攻击变得更加频繁。为了应对这种大规模攻击，一些体系结构采用了代理，以在最终用户和目标服务之间引入间接层，并通过将用户迁移到新代理并在代理之间重新分配客户端来减少DDoS攻击的影响，从而隔离恶意客户端。但是，这些解决方案的反应性性质带来了我们可以利用来开发新攻击的弱点-代理收集攻击-它使恶意客户端可以在发起DDoS攻击之前收集有关大量代理的信息。我们展示了当前的解决方案容易受到这种攻击，并提出了一种移动目标防御技术，该技术包括定期主动地替换一个或多个代理并将客户端重新映射到代理。我们的主要目标是破坏攻击者的侦察工作。此外，为减轻持续的攻击，我们提出了一种新的客户端到代理分配策略，以隔离受感染的客户端，从而减少攻击的影响。我们在理论上和通过仿真验证了我们的方法，并表明所提出的解决方案可以有效地限制攻击者可以发现和隔离恶意客户端的代理数量。

著录项

来源
《IEEE Conference on Communications and Network Security》|2016年|198-206|共9页
会议地点
作者
Sridhar Venkatesan; Massimiliano Albanese; Kareem Amin; Sushil Jajodia; Mason Wright;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Servers; Computer crime; IP networks; Conferences; Communication networks; Relays;

机译：服务器;计算机犯罪; IP网络;会议;通讯网络;中继;

相似文献

外文文献
中文文献
专利

1. CONDENSE: A Moving Target Defense Approach for Mitigating Cache Side-Channel Attacks [J] . Dai Chenxi, Adegbija Tosiron Consumer Electronics Magazine, IEEE . 2020,第3期

机译：凝结：用于减轻缓存侧通道攻击的移动目标防御方法
2. Cost-effective moving target defense against DDoS attacks using trilateral game and multi-objective Markov decision processes [J] . Yuyang Zhou, Guang Cheng, Shanqing Jiang, Computers & Security . 2020,第Octa期

机译：使用三边游戏和多目标马尔可夫决策流程对DDOS攻击进行经济高效的移动目标防御
3. Moving Target Defense based on Switched Supervisory Control: A New Technique for Mitigating Sensor Deception Attacks 1 [J] . R?mulo Meira-Góes, Stéphane Lafortune IFAC PapersOnLine . 2020,第4期

机译：基于交换监控控制的移动目标防御：减轻传感器欺骗攻击的新技术 1
4. A moving target defense approach to mitigate DDoS attacks against proxy-based architectures [C] . Sridhar Venkatesan, Massimiliano Albanese, Kareem Amin, IEEE Conference on Communications and Network Security . 2016

机译：一种移动目标防御方法，可以减轻基于代理的架构的DDOS攻击
5. Optimal Planning and Operation of Moving Target Defense for Detecting False Data Injection Attacks in Smart Grids [D] . Liu, Bo. 2021

机译：移动目标防御的最佳规划和运行，用于检测智能电网的假数据注入攻击
6. Detection and Mitigation of DoS and DDoS Attacks in IoT-Based Stateful SDN: An Experimental Approach [O] . Jesús Galeano-Brajones, Javier Carmona-Murillo, Juan F. Valenzuela-Valdés, 2020

机译：基于物联网的状态SDN中DoS和DDoS攻击的检测和缓解：一种实验方法
7. A Cost-effective Shuffling Method against DDoS Attacks using Moving Target Defense [O] . Yuyang Zhou, Guang Cheng, Shanqing Jiang, 2019

机译：使用移动目标防御对DDOS攻击的经济有效的洗牌方法

A moving target defense approach to mitigate DDoS attacks against proxy-based architectures

摘要

著录项

相似文献

相关主题

期刊订阅