Changing proxy-server identities as a proactive moving-target defense against reconnaissance for DDoS attacks
share
We consider a cloud based multiserver system consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We study a proactive moving-target defense to thwart an attacker's reconnaissance phase and consequently decreases the success rate of the planned attack. The moving-target defense is a dynamic identity-changing technique for the indirection servers.
READ FULL TEXT