Abstract
DoS/DDoS attacks have become one of the most critical security problems in today's network systems: they are easy for hackers to launch but hard for victims to defend against. This paper presents a novel and robust mechanism, named Rebound Wall, which proves very effective at protecting a victim server from DoS attacks and is easy to deploy in practice. The rebound wall comprises available machines in the LAN, surrounding the core server. Unlike existing DoS defense techniques, which rely heavily on marking and/or filtering, the rebound wall utilizes roaming crypt-doors. Valid requests can reach the server only through a designated entrance. These entrance machines roam over the rebound wall, so that hackers cannot find the target to launch effective attacks. Other new technologies and protocols that are necessary to furnish the rebound wall technology are also presented in this paper, including Floating Entrance, Entrance Switch, User-end Authentication, Entrance-based Privilege Control, and Traceback. A survivability model based on a continuous-time Markov chain (CTMC) is further built for the rebound wall. A rebound wall was implemented in practice. Both experimental data and analytical results validated the effectiveness, efficiency, and robustness of the rebound wall technology. Finally, we compare the rebound wall with other related and advanced technologies against DoS/DDoS.