Servers that use the internet for communications and connectivity are fundamentally vulnerable to cyber attacks. Denial-of-service attacks (DoS) prevent access to resources by overwhelming a network with traffic, and are one way that webpages and other connected resources can be targeted. Indirection-based overlay networks (IONs) prevent some DoS attacks by routing transmitted information through multiple nodes, but these can be circumvented by cyber attackers with detailed or real-time understanding of the network. This technology consists of software and devices for preventing both targeting and sweeping DoS cyber attacks using a multipath network. It can be used to efficiently protect internet-connected networks and their stored information from sophisticated DoS cyber attacks.
This technology is a next-generation method that uses a modified ION pathway to protect against DoS attacks. The network architecture utilized by this technology takes into account cyber attackers that may have knowledge of the layout of the ION. It can be used to prevent targeted DoS attacks on a particular node by spreading information packets across multiple nodes in a randomized fashion, so that they cannot be traced by the attacker. It can also be used to prevent sweeping DoS attacks by passing information between nodes as stateless tokens generated using a pseudorandom number.
This technology has been shown to prevent a DoS attack by up to 1.3 million zombie hosts while maintaining end-to-end connectivity, even when up to 40% of the overlay nodes were inoperable.
Tech Ventures Reference: IR M06-015