Browse > Article
http://dx.doi.org/10.3745/KIPSTA.2003.10A.1.007

A Scheme of Resource Reallocation and Server Replication against DoS Attacks  

Min, Byoung-Joon (인천대학교 컴퓨터공학과)
Kim, Sung-Ki (인천대학교 대학원 컴퓨터공학과)
Na, Yong-Hi (인천대학교 대학원 컴퓨터공학과)
Lee, Ho-Jae (한국정보보호진흥원)
Choi, Joong-Sup (한국정보보호진흥원)
Kim, Hong-Geun (한국정보보호진흥원)
Publication Information
The KIPS Transactions:PartA / v.10A, no.1, 2003 , pp. 7-14 More about this Journal
Abstract
In order to cope with DoS (Denial of Service) attacks disturbing delivery of intended services by exhausting resources of computing nodes, we need a solution to recognize important resources for the essential services which have to be maintained under any circumstances and to adapt the system to the urgent situation and reconfigure itself properly. In this paper, we present a two-phase scheme to handle the problem. In the first phase, by means of dynamic resource reallocation within a computing node, we try to make the selected essential services survive even after the occurrence of an attack. For the second phase when it becomes impossible to continue the service in spite of the actions taken in the first phase, we apply server replication in order to continue the transparent provision of the essential services with the end users by utilizing redundant computing nodes previously arranged. Experimental result obtained on a testbed reveals the validity of the proposed scheme. A comparison with other proposed schemes has been conducted by analyzing the performance and the cost.
Keywords
Survivability; Resource reallocation; Server Replication; Intrusion Tolerance;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Brian Randell, 'Dependability-Unifying Concept,' Computer Security, Dependability & Assurance: From Needs to Solutions, 1998   DOI
2 V. Stavridou, 'Intrusion Tolerant Software Architectures,' DARPA Information Survivability Conference & EXposition, 2001   DOI
3 Working Paper, 'The European Dependability Initiative,' Dec., 2000
4 Marc Wilikens, et al., 'Defining the European Dependability Initiative,' May, 1998
5 National Security Agency, Defence Advanced Research Projects Agency, Office of the Assistant Secretary of Defence, 'Securing the U.S Defence Information Infrastructures : A Proposed Approach,' 1998
6 Matti A. Hiltunen et al., 'Survivability through Customization and Adaptability : The Cactus Approach', DARPA Information Survivability Conference & EXposition, 2000   DOI
7 Wang, F. et al, 'SITAR : A Scalable Intrusion-Tolerant Architecture for Distributed Services,' DARPA Information Survivability Conference & EXposition, 2001   DOI
8 Marshall Pease, Robert Shostak, Leslie Lamport, 'Reaching Agreement in the Presence of Faults', Journal of the ACM, 27/2, pp.228-234, 1980   DOI
9 Sun Microsystems, Sun's tcp syn flooding solutions, http://ciac.llnl.gov/ciac/bulletins/h-02.html
10 Reynolds, J. et al., 'The Design and Implementation of an Intrusion Tolerant System', Proc. of Int'l Conference on Dependable Systems and Networks, 2002