Network security is a key problem that is often ignored or difficult to solve, especially network attacks plotted by illegal users, such as DoS and DDoS attacks. Although DoS and DDoS attacks can be treated as a congestion-control problem, most of the resulting congestion is caused by illegal users who do not obey end-to-end congestion control, so the problem must be solved through cooperation between IDSs and middle nodes (routers, switches and so on). The appearance of the active network architecture provides a favourable condition for solving this problem: in an active network, computation functionality can be added to each middle node, so these nodes can identify and drop the flow packets belonging to DoS/DDoS attacks. Upstream nodes can also be notified by a downstream node to drop these packets, so that ordinary flows get more upstream bandwidth. This paper presents an architecture for identifying and controlling these attack clusters and an algorithm for implementing it. The architecture includes both a mechanism for identifying and controlling a cluster using active network technology and a notification mechanism between routers under the control of an administration controller.
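As an added illustration of the identify-drop-notify mechanism described above (example code written for this page, not the paper's own algorithm): a toy model in which two edge routers feed a core router, the core identifies an attack cluster as the aggregate of packets to one destination /24 exceeding a byte limit per round, drops it, and sends a notify message upstream so that ordinary traffic regains link bandwidth. The cluster signature, the byte limit, the addresses and the traffic mix are all assumptions of the example.

```python
from collections import Counter
# Packets are (src, dst, size) tuples with constructed addresses. A "cluster" is taken
# to be the aggregate aimed at one destination /24 (an assumption; the paper names no signature).
def cluster_key(pkt):
    return ".".join(pkt[1].split(".")[:3]) + ".0/24"

class ActiveRouter:
    """Middle node with added computation: identifies a cluster, drops it, notifies upstream."""
    def __init__(self, name, link_capacity, cluster_limit, upstreams=()):
        self.name, self.upstreams = name, list(upstreams)
        self.link_capacity = link_capacity  # bytes the outgoing link carries per round
        self.cluster_limit = cluster_limit  # bytes/round above which a cluster is flagged
        self.blocked, self.notices = set(), []
    def notify(self, cluster, reporter):  # notify message received from a downstream node
        self.notices.append((cluster, reporter))
        self.control(cluster)
    def control(self, cluster):  # drop the cluster locally and push the notice further upstream
        if cluster not in self.blocked:
            self.blocked.add(cluster)
            for up in self.upstreams:
                up.notify(cluster, self.name)
    def forward(self, packets):  # flag over-limit clusters, drop blocked ones, fill the link
        load = Counter()
        for p in packets:
            load[cluster_key(p)] += p[2]
        for cluster, octets in load.items():
            if octets > self.cluster_limit:
                self.control(cluster)
        out, used = [], 0
        for p in packets:  # tail-drop once the link is full
            if cluster_key(p) not in self.blocked and used + p[2] <= self.link_capacity:
                out.append(p)
                used += p[2]
        return out

def edge_traffic(edge_id):
    """Constructed load: 8 flood packets to 10.0.7.0/24 interleaved with 6 ordinary packets."""
    flood = [("192.0.2.%d" % i, "10.0.7.%d" % (i % 4), 500) for i in range(8)]
    normal = [("10.0.%d.%d" % (edge_id, i), "10.0.9.1", 500) for i in range(6)]
    return [p for i in range(4) for p in (flood[2 * i], flood[2 * i + 1], normal[i])] + normal[4:]

def simulate(rounds=2):
    """Two edge routers feed a core; returns ordinary bytes delivered per round and R1's notices."""
    r1, r2 = ActiveRouter("R1", 6000, 6000), ActiveRouter("R2", 6000, 6000)
    core = ActiveRouter("R3", 12000, 6000, upstreams=[r1, r2])
    delivered = []
    for _ in range(rounds):
        out = core.forward(r1.forward(edge_traffic(1)) + r2.forward(edge_traffic(2)))
        delivered.append(sum(p[2] for p in out if cluster_key(p) == "10.0.9.0/24"))
    return delivered, r1.notices
```

In round one the edges see only half the flood each and flag nothing, so ordinary packets lose link space; the core sees the converged cluster, blocks it and notifies both edges, and in round two all ordinary traffic gets through.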