A Scheme of Resource Reallocation and Server Replication against DoS Attacks

To cope with DoS (Denial of Service) attacks, which disrupt the delivery of intended services by exhausting the resources of computing nodes, we need a solution that identifies the resources important to the essential services that must be maintained under any circumstances, and that adapts the system to the urgent situation by reconfiguring itself properly. In this paper, we present a two-phase scheme to handle the problem. In the first phase, we use dynamic resource reallocation within a computing node to try to keep the selected essential services alive even after an attack occurs. In the second phase, when it becomes impossible to continue the service despite the actions taken in the first phase, we apply server replication to continue providing the essential services transparently to end users by utilizing redundant computing nodes arranged in advance. Experimental results obtained on a testbed show the validity of the proposed scheme. A comparison with other proposed schemes has been conducted by analyzing the performance and the cost.
