An active security protocol against DoS attacks

Denial of Service (DoS) attacks represent, in today's Internet, one of the most complex issues to address. A session is under a DoS attack if it cannot achieve its intended throughput due to the misbehavior of other sessions. Many research studies dealt with DoS, proposing models and/or architectures mostly based on an attack prevention approach, Prevention techniques lead to different models, each suitable for a single type of misbehavior; but do not guarantee the protection of a system from a more general DoS attack. In this work we analyze the fundamental requirements to be satisfied in order to protect hosts and routers from any form of Distributed DoS (DDoS). Then we propose a network signaling protocol, named Active Security Protocol(ASP), which satisfies most of the defined requirements. ASP provides an active protection from a DDoS attack, being able to adapt its defense strategies to the current type of violation. Protocol specification and design are performed using an object oriented methodology: we used Unified Modeling Language(UML) as a software description language.