A simulation study of the proactive server roaming for mitigating denial of service attacks

Abstract

The main goal of the NETSEC project is to design and implement a framework for mitigating the effects of the node-based and link-based denial of service (DoS) attacks. Our strategy employs three lines of defense. The first line of defense is to restrict the access to the defended services using offline service subscription, encryption and other traditional security techniques. The second line of defense is server roaming, by which we mean the migration of the service from one server to another, where the new server has a different IP address. Finally, each server and firewall(s) implement resource management schemes as a third line of defense. For example, deploying separate input queues to allocate different classes of service requests. We show our simulation study on the second line of defense, the server roaming. The design and procedure of the sever roaming on the NS2 is described. The promising results of applying the server roaming to mitigate the DoS attack in the simulation are also shown with analysis.