Traffic analysis: protocols, attacks, design issues, and open problems
International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Network support for IP traceback
IEEE/ACM Transactions on Networking (TON)
An algebraic approach to IP traceback
ACM Transactions on Information and System Security (TISSEC)
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
Passive estimation of TCP round-trip times
ACM SIGCOMM Computer Communication Review
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Using graphic turing tests to counter automated DDoS attacks against web servers
Proceedings of the 10th ACM conference on Computer and communications security
Variability in TCP round-trip times
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Telling humans and computers apart automatically
Communications of the ACM - Information cities
Taming IP packet flooding attacks
ACM SIGCOMM Computer Communication Review
Alliance formation for DDoS defense
Proceedings of the 2003 workshop on New security paradigms
Internet indirection infrastructure
IEEE/ACM Transactions on Networking (TON)
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
Tracing Anonymous Packets to Their Approximate Source
LISA '00 Proceedings of the 14th USENIX conference on System administration
Change-Point Monitoring for the Detection of DoS Attacks
IEEE Transactions on Dependable and Secure Computing
IEEE/ACM Transactions on Networking (TON)
Low-Cost Traffic Analysis of Tor
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Trade-offs in probabilistic packet marking for IP traceback
Journal of the ACM (JACM)
D-WARD: A Source-End Defense against Flooding Denial-of-Service Attacks
IEEE Transactions on Dependable and Secure Computing
Denial-of-Service Attack-Detection Techniques
IEEE Internet Computing
Inferring Internet denial-of-service activity
ACM Transactions on Computer Systems (TOCS)
Mitigating denial of service attacks: a tutorial
Journal of Computer Security
Detecting and Isolating Malicious Routers
IEEE Transactions on Dependable and Secure Computing
Defense against spoofed IP traffic using hop-count filtering
IEEE/ACM Transactions on Networking (TON)
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks
IEEE Transactions on Parallel and Distributed Systems
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Collaborative Detection of DDoS Attacks over Multiple Network Domains
IEEE Transactions on Parallel and Distributed Systems
A low-cost attack on a Microsoft captcha
Proceedings of the 15th ACM conference on Computer and communications security
IEEE/ACM Transactions on Networking (TON)
A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors
IEEE/ACM Transactions on Networking (TON)
Computer Networks: The International Journal of Computer and Telecommunications Networking
Distinguishing DDoS Attacks from Flash Crowds Using Probability Metrics
NSS '09 Proceedings of the 2009 Third International Conference on Network and System Security
Making Overlay Networks more Robust to Massive Failures
PRDC '09 Proceedings of the 2009 15th IEEE Pacific Rim International Symposium on Dependable Computing
RAD: Reflector Attack Defense Using Message Authentication Codes
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
A Puzzle-Based Defense Strategy Against Flooding Attacks Using Game Theory
IEEE Transactions on Dependable and Secure Computing
Detecting distributed denial of service attacks by sharing distributed beliefs
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Sampled traffic analysis by internet-exchange-level adversaries
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Honeypot back-propagation for mitigating spoofing distributed denial-of-service attacks
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
An Improved Wavelet Analysis Method for Detecting DDoS Attacks
NSS '10 Proceedings of the 2010 Fourth International Conference on Network and System Security
Recognizing objects in adversarial clutter: breaking a visual captcha
CVPR'03 Proceedings of the 2003 IEEE computer society conference on Computer vision and pattern recognition
A Cooperative Mechanism to Defense against Distributed Denial of Service Attacks
TRUSTCOM '11 Proceedings of the 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications
Enhanced CAPTCHAs: using animation to tell humans and computers apart
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Robust Detection of MAC Layer Denial-of-Service Attacks in CSMA/CA Wireless Networks
IEEE Transactions on Information Forensics and Security
SOS: an architecture for mitigating DDoS attacks
IEEE Journal on Selected Areas in Communications
Detecting latent attack behavior from aggregated Web traffic
Computer Communications
Real-time detection of application-layer DDoS attack using time series analysis
Journal of Control Science and Engineering - Special issue on Advances in Methods for Networked and Cyber-Physical System
Hi-index | 0.24 |
This paper reviews and analyzes well-known countermeasures against distributed denial of service (DDoS) attacks. This paper provides an in-depth analysis of each countermeasure and enumerates strengths and challenges of each technique. If it is possible, the paper designs a countermeasure against each defense mechanism from the attacker's point of view. We believe that this survey is the most complete survey that analyzes the most cited DDoS defense techniques in detail. We expect that this survey will assist the potential victims to choose suitable countermeasures against DDoS attacks based on the analysis presented here and as well as the capabilities that they have to implement the techniques. The analysis done in this paper provides a great opportunity for both academic and industrial researchers to improve the state of the art countermeasures against DDoS attacks.