Improving Availability with Adaptive Roaming Replicas in Presence of Determined DoS Attacks

Static replicas have been proven useful in providing fault tolerance and load balancing, but they may not provide enough assurance of the continuous availability of mission-critical data in the face of a determined denial-of-service (DoS) attacker. A roaming replica scheme can provide higher availability assurance, but the overhead associated with replica movement and lookup is high. In this paper, we propose ARRP, an adaptive roaming replication protocol in which static replicas are used normally, but if a certain percentage of static replicas has already been shut down, a small number of roaming replicas are added and stored on randomly selected hosts that are changed periodically. In particular, we analyze the appropriate threshold at which the roaming replica scheme should be enabled by empirically investigating the tradeoff between availability, performance, and overhead. Simulation results show that ARRP can effectively mitigate the impact of DoS attacks and host failures to ensure continuous availability of critical data, with better performance and reasonable overhead compared to using only static replicas.
