Method and apparatus for improving the resilience of content distribution networks to distributed denial of service attacks
US7836295B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 29, 2002 |
| Grant date | Nov 16, 2010 |
| Priority date | — |
| Expiry date | Mar 19, 2026 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L67/1001
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Several deterrence mechanisms suitable for content distribution networks (CDN) are provided. These include a hash-based request routing scheme and a site allocation scheme. The hash-based request routing scheme provides a way to distinguish legitimate requests from bogus requests. Using this mechanism, an attacker is required to generate O(n²) amount of traffic to victimize a CDN-hosted site when the site content is served from n CDN caches. Without these modifications, the attacker must generate only O(n) traffic to bring down the site. The site allocation scheme provides sufficient isolation among CDN-hosted Web sites to prevent an attack on one Web site from making other sites unavailable. Using an allocation strategy based on binary codes, it can be guaranteed that a successful attack on any individual Web site that disables its assigned servers, does not also bring down other Web sites hosted by the CDN.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.