Honeypot Scheme for Distributed Denial-of-Service

Honeypots are physical or virtual machines successfully used as intrusion detection tools to detect worm-infected hosts. Denial of service (DoS) attack consumes the resources of a remote client or network itself, there by denying or degrading the service to the legitimate users. In a DoS defense mechanism, a honeypot acts as a detective server among the pool of servers in a specific network; where any packet received by the honeypot is most likely a packet from an attacker. This paper points out a number of drawbacks such as Legitimate Attacker and Link Unreachable problem in the existing honeypot schemes. This paper proposes a new efficient honeypot model to solve all the existing problems by opening a virtual communication port for any specific communication between an authorized client and server; and by providing facility to act as an Active Server (AS) for any honeypot.

[1]  Michael K. Reiter,et al.  Mitigating bandwidth-exhaustion attacks using congestion puzzles , 2004, CCS '04.

[2]  Vern Paxson,et al.  How to Own the Internet in Your Spare Time , 2002, USENIX Security Symposium.

[3]  T. Znati,et al.  Proactive server roaming for mitigating denial-of-service attacks , 2003, International Conference on Information Technology: Research and Education, 2003. Proceedings. ITRE2003..

[4]  Anna R. Karlin,et al.  Practical network support for IP traceback , 2000, SIGCOMM.

[5]  Y. Kadobayashi,et al.  An implementation of a hierarchical IP traceback architecture , 2003, 2003 Symposium on Applications and the Internet Workshops, 2003. Proceedings..

[6]  Angelos D. Keromytis,et al.  SOS: secure overlay services , 2002, SIGCOMM '02.

[7]  T. H. Minshall Know Your Enemy , 1945 .

[8]  Rami G. Melhem,et al.  A simulation study of the proactive server roaming for mitigating denial of service attacks , 2003, 36th Annual Simulation Symposium, 2003..

[9]  David K. Y. Yau,et al.  Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles , 2005, IEEE/ACM Transactions on Networking.

[10]  Craig Partridge,et al.  Hash-based IP traceback , 2001, SIGCOMM.

[11]  Dawn Song,et al.  StackPi: A New Defense Mechanism against IP Spoofing and DDoS Attacks , 2003 .

[12]  Dawn Xiaodong Song,et al.  Advanced and authenticated marking schemes for IP traceback , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[13]  Karsten P. Ulland,et al.  Vii. References , 2022 .

[14]  Charles E. Perkins,et al.  IP Mobility Support , 1996, RFC.

[15]  Jerry R. Hobbs,et al.  An algebraic approach to IP traceback , 2002, TSEC.

[16]  Dawn Xiaodong Song,et al.  StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense , 2006, IEEE Journal on Selected Areas in Communications.

[17]  Rami G. Melhem,et al.  Roaming honeypots for mitigating service-level denial-of-service attacks , 2004, 24th International Conference on Distributed Computing Systems, 2004. Proceedings..

[18]  Ratul Mahajan,et al.  Controlling high bandwidth aggregates in the network , 2002, CCRV.

[19]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[20]  Paul Ferguson,et al.  Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing , 1998, RFC.

[21]  Heejo Lee,et al.  On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).