Autonomous dynamic honeypot routing mechanism for mitigating DDoS attacks in DMZ

DDOS attacks generate flooding traffic from multiple sources towards selected nodes and cause obstruction in flow of legitimate information within a network. If the victim node is a server in DMZ requiring fast information processing, the entire network operation stops. We use various lines of honeypot based defence against such attacks. The first line of defence detects the presence of attacks and tags attack flows in real time. The work in this paper concentrates on the next line of defence, where a model for autonomous dynamic honeypot routing has been proposed in response to identified attack flows. We propose the automatic generation of adequate server nodes to service client requests and honeypots to interact with attackers in contained manner. The judicious mixture of servers and honeypots in DMZ at different time intervals provide stable network functionality even in the attacked network. We validate the effectiveness of the approach with modelling on Internet type topology and simulation in ns-2 on a Linux platform.