The present invention relates generally to the field of information security, and more particularly to overload protection through access control and authentication using tokens.
Query processing in a distributed system requires the transmission of data between databases, or repositories, in a network. Multiple repositories, or federated repositories, enable the use of multiple repositories simultaneously. Information can be obtained via a query of the federated system. The message traffic caused by queries utilizes computer resources and may cause an overload if there is a large volume of such messages. Another concern is the purposeful overload of a system, for example, a Denial-of-Service (DoS) or Distributed DoS (DDoS) attack.
In a DoS attack, an attacker bombards a victim network or server with a large volume of message traffic. Handling this traffic consumes the victim's available bandwidth, CPU capacity, or other system resources, and eventually brings the victim to a condition in which it is unable to serve its legitimate clients. DDoS attacks can be even more damaging, as they involve creating overwhelming additional network traffic from multiple sources simultaneously. This may be called a zombie, or botnet, attack. A DDoS attack may occur when an attacker attempts to control a large number of devices on a network by using malicious programs that self-replicate across the network by exploiting security flaws in widely-used services. This malicious program, or “worm,” uses other computing devices to participate in a DDoS attack. This may occur with a background process such that a device user may not be aware that the device is participating in an attack. The attacker may have no direct connection with the victim, as it will use the zombies to overwhelm the victim with requests. An increase in activity alone may not be a good criterion for detecting a DDoS attack because the requests may be legitimate. Filtering by source is difficult because the attacker may use false or “spoofed” source IP addresses, so that the address may not give a true indication of the source of the attack.