On network-aware clustering of Web clients
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Chord: A scalable peer-to-peer lookup service for internet applications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Optimal Unconditional Information Diffusion
DISC '01 Proceedings of the 15th International Conference on Distributed Computing
Kademlia: A Peer-to-Peer Information System Based on the XOR Metric
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Security Considerations for Peer-to-Peer Distributed Hash Tables
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
The Eigentrust algorithm for reputation management in P2P networks
WWW '03 Proceedings of the 12th international conference on World Wide Web
Diffusion without false rumors: on propagating updates in a Byzantine environment
Theoretical Computer Science
Characterizing the query behavior in peer-to-peer file sharing systems
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)
Secure routing for structured peer-to-peer overlay networks
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Distributed Computing
Exploiting P2P systems for DDoS attacks
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
Understanding churn in peer-to-peer networks
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Puppetnets: misusing web browsers as a distributed attack infrastructure
Proceedings of the 13th ACM conference on Computer and communications security
A Measurement Study of the Structured Overlay Network in P2P File-Sharing Applications
ISM '06 Proceedings of the Eighth IEEE International Symposium on Multimedia
Peer-to-peer communication across network address translators
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Early experience with an internet broadcast system based on overlay multicast
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Characterization and measurement of TCP traversal through NATs and firewalls
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Non-transitive connectivity and DHTs
WORLDS'05 Proceedings of the 2nd conference on Real, Large Distributed Systems - Volume 2
A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks
ICNS '07 Proceedings of the Third International Conference on Networking and Services
Defending P2Ps from Overlay Flooding-based DDoS
ICPP '07 Proceedings of the 2007 International Conference on Parallel Processing
BotTorrent: misusing BitTorrent to launch DDoS attacks
SRUTI'07 Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet
Misusing Kademlia Protocol to Perform DDoS Attacks
ISPA '08 Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications
DDoS Attacks by Subverting Membership Management in P2P Systems
NPSEC '07 Proceedings of the 2007 3rd IEEE Workshop on Secure Network Protocols
A survey of attack and defense techniques for reputation systems
ACM Computing Surveys (CSUR)
A survey of peer-to-peer security issues
ISSS'02 Proceedings of the 2002 Mext-NSF-JSPS international conference on Software security: theories and systems
Misusing unstructured p2p systems to perform dos attacks: the network that never forgets
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
| Hi-index | 0.00 |
Recently, there has been a spurt of work [1-7] showing that a variety of extensively deployed P2P systems may be exploited to launch DDoS attacks on web and other Internet servers, external to the P2P system. In this paper, we dissect these attacks and categorize them based on the underlying cause for attack amplification. We show that the attacks stem from a violation of three key principles: (i) membership information must be validated before use; (ii) innocent participants must only propagate validated information; and (iii) the system must protect against multiple references to the victim. We systematically explore the effectiveness of an active probing approach to validating membership information in thwarting such DDoS attacks. The approach does not rely on centralized authorities for membership verification, and is applicable to both structured (DHT-based) and unstructured P2P systems. We believe these considerations are important to ensure the mechanisms can be integrated with a range of existing P2P deployments. We evaluate the techniques in the context of a widely deployed DHT-based file-sharing system, and a video broadcasting system with stringent performance requirements. Our results show the promise of the approach in limiting DDoS attacks while not sacrificing application performance.