Moving-target Defense against Botnet Reconnaissance and an Adversarial Coupon-Collection Model
This work addresses DDoS defense for cloud systems, but it appears incremental as it applies known moving-target techniques to a specific scenario.
The paper tackles the problem of mitigating DDoS attacks by disrupting the attacker's reconnaissance phase using a proactive moving-target defense in a cloud-based multiserver system, resulting in reduced attack impact as demonstrated through an AWS prototype and numerical evaluations.
We consider a cloud-based multiserver system consisting of a set of replica application servers behind a set of proxy (indirection) servers that interact directly with clients over the Internet. We study a proactive moving-target defense to thwart a DDoS attacker's reconnaissance phase and consequently reduce the attack's impact. The defense is effectively a moving-target (motag) technique in which the proxies dynamically change. The system is evaluated using an AWS prototype of HTTP redirection and by numerical evaluations of an adversarial coupon-collector mathematical model, the latter allowing larger-scale extrapolations.