Biblio
Filters: Author is Shan, Yuquan [Clear All Filters]
.
2018. Moving-Target Defense Against Botnet Reconnaissance and an Adversarial Coupon-Collection Model. 2018 IEEE Conference on Dependable and Secure Computing (DSC). :1—8.
We consider a cloud based multiserver system consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We study a proactive moving-target defense to thwart a DDoS attacker's reconnaissance phase and consequently reduce the attack's impact. The defense is effectively a moving-target (motag) technique in which the proxies dynamically change. The system is evaluated using an AWS prototype of HTTP redirection and by numerical evaluations of an “adversarial” coupon-collector mathematical model, the latter allowing larger-scale extrapolations.
.
2017. Cloud-Side Shuffling Defenses Against DDoS Attacks on Proxied Multiserver Systems. Proceedings of the 2017 on Cloud Computing Security Workshop. :1–10.
We consider a cloud based multiserver system, consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We address cloud-side proactive and reactive defenses to combat DDoS attacks that may target this system. DDoS attacks are endemic with some notable attacks occurring just this past fall. Volumetric attacks may target proxies while "low volume" attacks may target replicas. After reviewing existing and proposed defenses, such as changing proxy IP addresses (a "moving target" technique to combat the reconnaissance phase of the botnet) and fission of overloaded servers, we focus on evaluation of defenses based on shuffling client-to-server assignments that can be both proactive and reactive to a DDoS attack. Our evaluations are based on a binomial distribution model that well agrees with simulations and preliminary experiments on a prototype that is also described.