HoneyMesh: Preventing Distributed Denial of Service Attacks using Virtualized Honeypots

Abstract

— Today, internet and web services have become an inseparable part of our lives. Hence, ensuring continuous availability of service has become imperative to the success of any organization. But these services are often hampered by constant threats from myriad types of attacks. One such attack is called distributed denial of service attack that results in issues ranging from temporary slowdown of servers to complete non-availability of service. Honeypot, which is a sort of a trap, can be used to interact with potential attackers to deflect, detect or prevent such attacks and ensure continuous availability of service. This paper gives insights into the problems posed by distributed denial of service attacks, existing solutions that use honeypots and how a mesh of virtualized honeypots can be used to prevent distributed denial of service attacks. Keywords—Distributed denial of service, handler, agent, attack source, victim server, firewall, honeypot, virtual machines, daemon, behavioral analysis, challenge response, virtual network, flooding, crashing, intrusion detection, router, honeywall, honeymesh. I. INTRODUCTION In today's world of technology and computers, internet serves as a critical platform for both service providers and consumers. The success of any venture is critically dependent on reliability and continuous availability of service. Thus, it's crucial for service providers to protect their servers from various security threats and attacks. Of all the attacks that hinder the availability of service, a denial of service attack poses maximum threat to an organization since it has direct effect on the service availability to a consumer. A denial of service attack results in a temporary or long-term non-availability of a service to its intended users by the way of either crashing a service resulting in complete non-availability or by flooding a server with fraudulent requests thereby slowing down the delivery of service to real users [1]. Honeypot can be used as an intrusion detection mechanism that can replicate some or all actions of a server and effectively monitor potential attackers thereby enabling the server admins to detect and prevent potential denial of service attacks to ensure a reliable and continuous service to their intended users.