Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
An algebraic approach to IP traceback
ACM Transactions on Information and System Security (TISSEC)
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Honeypots for Distributed Denial of Service Attacks
WETICE '02 Proceedings of the 11th IEEE International Workshops on Enabling Technologies: nfrastructure for Collaborative Enterprises
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
A Simulation Study of the Proactive Server Roaming for Mitigating Denial of Service Attacks
ANSS '03 Proceedings of the 36th annual symposium on Simulation
An implementation of a hierarchical IP traceback architecture
SAINT-W '03 Proceedings of the 2003 Symposium on Applications and the Internet Workshops (SAINT'03 Workshops)
FDNA '03 Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture
Roaming Honeypots for Mitigating Service-Level Denial-of-Service Attacks
ICDCS '04 Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04)
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
Mohonk: mobile honeypots to trace unwanted traffic early
Proceedings of the ACM SIGCOMM workshop on Network troubleshooting: research, theory and operations practice meet malfunctioning reality
Mitigating bandwidth-exhaustion attacks using congestion puzzles
Proceedings of the 11th ACM conference on Computer and communications security
Tracing Anonymous Packets to Their Approximate Source
LISA '00 Proceedings of the 14th USENIX conference on System administration
Provider-Based Deterministic Packet Marking against Distributed DoS Attacks
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Honeypot back-propagation for mitigating spoofing distributed Denial-of-Service attacks
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Review: Analyzing well-known countermeasures against distributed denial of service attacks
Computer Communications
| Hi-index | 0.00 |
The Denial-of-Service (DoS) attack remains a challenging problem in the current Internet. In a DoS defense mechanism, a honeypot acts as a decoy within a pool of servers, whereby any packet received by the honeypot is most likely an attack packet. We have previously proposed the roaming honeypots scheme to enhance this mechanism by camouflaging the honeypots within the server pool, thereby making their locations highly unpredictable. In roaming honeypots, each server acts as a honeypot for some periods of time, or honeypot epochs, the duration of which is determined by a pseudo-random schedule shared among servers and legitimate clients. In this paper, we propose a honeypot backpropagation scheme to trace back attack sources when attacks occur. Based on this scheme, the reception of a packet by a roaming honeypot triggers the activation of a DAG of honeypot sessions rooted at the honeypot under attack towards attack sources. The formation of this tree is achieved in a hierarchical fashion: first at the Autonomous system (AS) level and then at the router level within an AS if needed. The proposed scheme supports incremental deployment and provides deployment incentives for ISPs. Through ns-2 simulations, we show how the proposed scheme enhances the performance of a vanilla Pushback defense by obtaining accurate attack signatures and acting promptly once an attack is detected.