DDoS defense mechanisms: a new taxonomy

Authors:
Astha Keshariya;Noria Foukia
Affiliations:
Department of Information science, University of Otago, New Zealand;Department of Information science, University of Otago, New Zealand
Venue:
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
Year:
2009

Citing 24
Cited 2

Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Network traffic tracking systems: folly in the large?

Proceedings of the 2000 workshop on New security paradigms
Protecting web servers from distributed denial of service attacks

Proceedings of the 10th international conference on World Wide Web
On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
New directions in traffic measurement and accounting

IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Dynamic load balancing of SAMR applications on distributed systems

Proceedings of the 2001 ACM/IEEE conference on Supercomputing
SOS: secure overlay services

Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Pi: A Path Identification Mechanism to Defend against DDoS Attacks

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A framework for classifying denial of service attacks

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
A taxonomy of computer attacks with applications to wireless networks

A taxonomy of computer attacks with applications to wireless networks
Hop-count filtering: an effective defense against spoofed DDoS traffic

Proceedings of the 10th ACM conference on Computer and communications security
Packet Filtering for Congestion Control under DoS Attacks

IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
Exposing and Eliminating Vulnerabilities to Denial of Service Attacks in Secure Gossip-Based Multicast

DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles

IEEE/ACM Transactions on Networking (TON)
D-WARD: A Source-End Defense against Flooding Denial-of-Service Attacks

IEEE Transactions on Dependable and Secure Computing
Denial-of-Service Attack-Detection Techniques

IEEE Internet Computing
A Framework for a Collaborative DDoS Defense

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Bro: a system for detecting network intruders in real-time

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Real-world buffer overflow protection for userspace & kernelspace

SS'08 Proceedings of the 17th conference on Security symposium
Mitigating DoS attack through selective bin verification

NPSEC'05 Proceedings of the First international conference on Secure network protocols
A comprehensive categorization of DDoS attack and DDoS defense techniques

ADMA'06 Proceedings of the Second international conference on Advanced Data Mining and Applications
Defending against flooding-based distributed denial-of-service attacks: a tutorial

IEEE Communications Magazine

Classification of UDP traffic for DDoS detection

LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Detecting latent attack behavior from aggregated Web traffic

Computer Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Ever expanding array of schemes for detection and prevention of Distributed Denial of Service (DDoS) attacks demands for a constant review and their categorization. As detection techniques have existed for a relatively longer period of time than defense mechanisms, researchers have categorized almost all the existing and expected forthcoming attacks. However, techniques for defense are still nurturing. Researchers have explored that there could be diverse ways of launching DDoS attacks. Consequently, need of defense strategy that adapts and responds autonomously to these variety of attacks is imperative. As more and more excavation is done in the arena of DDoS Defense Mechanisms, we understand that along with the conventional, well known DDoS Prevention and mitigation mechanism there are other factors that play equally important role in shielding a system from DDoS attacks. Deployment strategy, degree of cooperation of the internet host, code of behaviour while the system is already under attack, and post-attack analysis, etc, are such factors. In this paper, we have assorted the existing enormous defense mechanisms, and proposed an enhanced taxonomy that incorporates possible parameters that might influence DDoS Defense.