Random early detection gateways for congestion avoidance
IEEE/ACM Transactions on Networking (TON)
Communications of the ACM
Specification-based anomaly detection: a new approach for detecting network intrusions
Proceedings of the 9th ACM conference on Computer and communications security
IEEE Internet Computing
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Making trust explicit in distributed commerce transactions
ICDCS '96 Proceedings of the 16th International Conference on Distributed Computing Systems (ICDCS '96)
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Using graphic turing tests to counter automated DDoS attacks against web servers
Proceedings of the 10th ACM conference on Computer and communications security
PeerTrust: Supporting Reputation-Based Trust for Peer-to-Peer Electronic Communities
IEEE Transactions on Knowledge and Data Engineering
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Aberrant Behavior Detection in Time Series for Network Monitoring
LISA '00 Proceedings of the 14th USENIX conference on System administration
Mining anomalies using traffic feature distributions
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Source selectable path diversity via routing deflections
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Dynamic load balancing without packet reordering
ACM SIGCOMM Computer Communication Review
Resisting SYN flood DoS attacks with a SYN cache
BSDC'02 Proceedings of the BSD Conference 2002 on BSD Conference
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
MULTOPS: a data-structure for bandwidth attack detection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Mayday: distributed filtering for internet services
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Portcullis: protecting connection setup from denial-of-capability attacks
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Fine-grained capabilities for flooding DDoS defense using client reputations
Proceedings of the 2007 workshop on Large scale attack defense
Remus: high availability via asynchronous virtual machine replication
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks
IEICE - Transactions on Information and Systems
Detecting latent attack behavior from aggregated Web traffic
Computer Communications
Real-time detection of application-layer DDoS attack using time series analysis
Journal of Control Science and Engineering - Special issue on Advances in Methods for Networked and Cyber-Physical System
| Hi-index | 0.24 |
Distributed Denial of Service (DDoS) attacks have become one of the most serious threats to the Internet. To mitigate DDoS attacks, much progress has been made in developing currency-based solutions, where a sender is required to spend resources such as computational cost, bandwidth, prior knowledge, and human actions to purchase her legitimacy before sending packets. In this paper, we propose an innovative overlay-based DDoS mitigation architecture by introducing a credit-based accounting mechanism, where a sender can send packets based on her credit points earned by her legitimate communication behaviors instead of expending resources in advance. Since the credit points given to a sender is designed to be measured based on her history of communication patterns, a well-behaving sender can gain her credit points while an ill-behaving one will lose her credit points. We propose an architecture of such a credit-based system, named OverCourt, where a well-behaving client may dynamically migrate to a protected channel when her credit points exceed a threshold while an ill-behaving client will be blocked after her credit points have been exhausted. The analysis and simulation results show that OverCourt can mitigate DDoS attacks under various DDoS attack scenarios.