Sciweavers

JPDC
2006

Honeypot back-propagation for mitigating spoofing distributed Denial-of-Service attacks

13 years 3 months ago
Honeypot back-propagation for mitigating spoofing distributed Denial-of-Service attacks
Any packet destined to a honeypot machine (that is, a decoy server machine) is most probably an attack packet. We propose honeypot back-propagation, a scheme that traces attack packets received by honeypots back to their source(s) and stops the attack source(s). In the proposed scheme, a server acts as a honeypot for some periods of time (honeypot epochs) and automatically triggers a hop-by-hop traceback of possible attackers (through back-propagation) during each honeypot epoch. In order to make the honeypots even much harder to evade, the start and end times of each honeypot epoch are unpredictable to attackers. We also propose progressive back-propagation, in which the information gathered during a honeypot epoch is used in subsequent epochs, to handle low-rate attacks, such as on-off attacks with short bursts. We developed an analytical model to estimate the expected time to reach and stop an attack source in the case of continuous and on-off attacks. Through ns-2 simulations, we ...
Sherif M. Khattab, Rami G. Melhem, Daniel Moss&eac
Added 13 Dec 2010
Updated 13 Dec 2010
Type Journal
Year 2006
Where JPDC
Authors Sherif M. Khattab, Rami G. Melhem, Daniel Mossé, Taieb Znati
Comments (0)