By Topic

Middleware-based approach for preventing distributed deny of service attacks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Wei Yu ; Dept. of Comput. Sci., Texas A&M Univ., College Station, TX, USA ; Dong Xuan ; Wei Zhao

We extend our previous study on VPOE (virtual private operation environment) to provide DDOS (distributed denial of service) prevention in a distributed heterogeneous environment (Wei Yu et al., IEEE Trans. on Systems, Man, and Cybernetics, 2002). We introduce our integrated middleware-based defense system to support this service by studying two important components, middleware box and domain agent. Our technology includes the following: (1) we adopt network-based middlewares which are realized by special devices inserted in various locations of the network and which cooperate to achieve the defense mission objectives; (2) we take generic primitive and role-based approaches; with network primitives, middlewares are programmable entities and can change their roles during the system run-time according to the system defense requirements; (3) we take generic signaling control protocols by which middlewares can cooperate with each other effectively to achieve the high defense performance globally. Middlewares provide transparent services to applications and make our solution both upward and downward compatible. Thus, our technology can easily be deployed with the current infrastructures. By using the generic middleware box control protocols and network primitives, the middleware boxes can cooperatively share the countermeasure information and easily change their roles in run-time to prevent DDOS attacks efficiently. In this sense, our defense system can adaptively deploy the defense strategy according to the dynamic network attack situation. As a result, our technology is effective and can be used in a large system.

Published in:

MILCOM 2002. Proceedings  (Volume:2 )

Date of Conference:

7-10 Oct. 2002