Organic Techniques for Protecting Virtual Private Network (VPN) Services from Access Link Flooding Attacks

Abstract

Distributed Denial-of-Service (DDoS) attacks represent a serious threat to enterprises operating over the Internet. A notable form of DDoS attack is the access link flooding attack that directs spurious packet traffic over the access link connecting an enterprise's network (i.e., an edge network) to the public Internet. Such overloading of the network access link by the attack traffic may result in partial or total denial of service to the subscribers of the edge network. This paper presents several design techniques for protecting edge networks against access link flooding attacks. The approach for survivability employed by these techniques is predicated upon making the failover mechanisms that are invoked by the system upon detection of an attack appear to be an unpredictable process from the perspective of the attacker. A prototype implementation of an operational survivable virtual private network (VPN) service built using these techniques is also described.

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2002
Accession Number: ADA436292

Entities

People

  • David Baca
  • Doug Harper
  • John Wu
  • Kevin Millikin
  • Maher Kaddoura
  • Ranga S. Ramanujan

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Bandwidth
  • Computer Networks
  • Denial Of Service Attack
  • Detection
  • Environment
  • Floods
  • Information Operations
  • Information Processing
  • Infrastructure
  • Internet
  • Local Area Networks
  • Network Protocols
  • Networks
  • Packet Loss
  • Prototypes
  • Spine
  • Survivability

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Maritime Combat Support and Expeditionary Logistics