FOSeL: Filtering by Helping an Overlay Security Layer to Mitigate DoS Attacks

Abstract

Denial of service (DoS) attacks are major threat against availability in the Internet. A large number of countermeasure techniques try to detect attack and then filter out DoS attack packets. Unfortunately these techniques that filter DoS traffic by looking at known attack patterns or statistical anomalies in the traffic patterns can be defeated by changing the attack patterns and masking the anomalies that are sought by the filter. Hence, detecting DoS traffic is one of the main challenges for filtering techniques. Furthermore techniques that drop any malicious packet need to process the packet and processing is time-consuming. This paper addresses how an efficient and good filter can be designed by helping an overlay network layer to mitigate DoS attacks. Fosel (filtering by helping an overlay security layer) filter is independent from DoS attack types, so we do not worry about the changing attack patterns. Furthermore it reduces processing time noticeably. Through simulation this paper shows by employing Fosel filter, DoS attacks have a negligible chance to saturate the target by malicious packets. Our simulation demonstrates that Fosel architecture reduces the probability of successful attack to minuscule levels. Furthermore Fosel is between 10% and 50% faster than SOS (secure overlay services) (Keromytis et al., 2002) architecture to drop malicious packets based on attack rate.