George Mason University
George Mason University Mason
George Mason University

A Moving Target DDoS Defense Mechanism

by Huangxin Wang / Daniel Fleck / Walter Powell / Fei Li / Angelos Stavrou

Publication Details MORE LESS

  • Published Date: June 15, 2014
  • Volume/Issue: Vol. 46
  • Publisher: Elsevier
  • Publication: Computer Communications

Abstract

In this paper, we introduce a moving target defense mechanism that defends authenticated clients against Internet service DDoS attacks. Our mechanism employs a group of dynamic, hidden proxies to relay traffic between authenticated clients and servers. By continuously replacing attacked proxies with backup proxies and reassigning (shuffling) the attacked clients onto the new proxies, innocent clients are segregated from malicious insiders through a series of shuffles. To accelerate the process of insider segregation, we designed an efficient greedy algorithm which is proven to have near optimal empirical performance. In addition, the insider quarantine capability of this greedy algorithm is studied and quantified to enable defenders to estimate the resource required to defend against DDoS attacks and meet defined QoS levels under various attack scenarios. Simulations were then performed which confirmed the theoretical results and showed that our mechanism is effective in mitigating the effects of a DDoS attack. The simulations also demonstrated that the overhead introduced by the shuffling procedure is low.

Other Contributors

Quan Jia

Expertise