Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
ACM Transactions on Computer Systems (TOCS)
DDoS defense mechanisms: a new taxonomy
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
Adaptive selective verification: an efficient adaptive countermeasure to thwart DoS attacks
IEEE/ACM Transactions on Networking (TON)
Protecting Satellite Systems from Disassociation DoS Attacks
Wireless Personal Communications: An International Journal
| Hi-index | 0.00 |
Despite considerable attention from both the academic and commercial communities, denial-of-service (DoS) attacks represent a growing threat to network administrators and service providers. A large number of proposed DoS countermeasures attempt to detect an attack in-progress and filter out the DoS attack packets. These techniques often depend on the instantiation of sophisticated routing mechanisms and the ability to differentiate between normal and malicious messages. Unfortunately, neither of these prerequisites may be practical or possible. We propose and evaluate a defense against DoS attacks which we call selective bin verification. The technique shows promise against large DoS attacks, even when attack packets are able to permeate the network and reach the target of their attack. We explore the effectiveness of our technique by implementing an experimental testbed in which selective bin verification is successfully used to protect against DoS attacks. We formally describe the mathematical properties of our approach and delineate "tuning" parameters for defending against various attacks.