Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
TCP congestion control with a misbehaving receiver
ACM SIGCOMM Computer Communication Review
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
Efficient packet marking for large-scale IP traceback
Proceedings of the 9th ACM conference on Computer and communications security
IEEE/ACM Transactions on Networking (TON)
An Evaluation of Different IP Traceback Approaches
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A Path Information Caching and Aggregation Approach to Traffic Source Identification
ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
FDNA '03 Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture
A tool for RApid model parameterization and its applications
MoMeTools '03 Proceedings of the ACM SIGCOMM workshop on Models, methods and tools for reproducible network research
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
DDoS attacks and defense mechanisms: classification and state-of-the-art
Computer Networks: The International Journal of Computer and Telecommunications Networking
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
The session token protocol for forensics and traceback
ACM Transactions on Information and System Security (TISSEC)
Steps towards a DoS-resistant internet architecture
Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture
Design and analysis of a replicated elusive server scheme for mitigating denial of service attacks
Journal of Systems and Software - Special issue: Performance modeling and analysis of computer systems and networks
On scalable attack detection in the network
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Distinguishing between single and multi-source attacks using signal processing
Computer Networks: The International Journal of Computer and Telecommunications Networking
Change-Point Monitoring for the Detection of DoS Attacks
IEEE Transactions on Dependable and Secure Computing
Adaptive Distributed Traffic Control Service for DDoS Attack Mitigation
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
Misbehaving TCP receivers can cause internet-wide congestion collapse
Proceedings of the 12th ACM conference on Computer and communications security
Mitigating denial of service attacks: a tutorial
Journal of Computer Security
Protecting TCP services from denial of service attacks
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Puppetnets: misusing web browsers as a distributed attack infrastructure
Proceedings of the 13th ACM conference on Computer and communications security
Protecting mobile devices from TCP flooding attacks
Proceedings of first ACM/IEEE international workshop on Mobility in the evolving internet architecture
Survey of network-based defense mechanisms countering the DoS and DDoS problems
ACM Computing Surveys (CSUR)
A practical and robust inter-domain marking scheme for IP traceback
Computer Networks: The International Journal of Computer and Telecommunications Networking
A self-aware approach to denial of service defence
Computer Networks: The International Journal of Computer and Telecommunications Networking
Enhanced Internet security by a distributed traffic control service based on traffic ownership
Journal of Network and Computer Applications
Information sharing for distributed intrusion detection systems
Journal of Network and Computer Applications
On scalable attack detection in the network
IEEE/ACM Transactions on Networking (TON)
Defense against spoofed IP traffic using hop-count filtering
IEEE/ACM Transactions on Networking (TON)
On deterministic packet marking
Computer Networks: The International Journal of Computer and Telecommunications Networking
Joint data streaming and sampling techniques for detection of super sources and destinations
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
The spoofer project: inferring the extent of source address filtering on the internet
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Scriptroute: a public internet measurement facility
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
AS-based accountability as a cost-effective DDoS defense
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Learning the valid incoming direction of IP packets
Computer Networks: The International Journal of Computer and Telecommunications Networking
A collaborative defense mechanism against SYN flooding attacks in IP networks
Journal of Network and Computer Applications
Detecting DRDoS attacks by a simple response packet confirmation mechanism
Computer Communications
An analysis of security threats to mobile IPv6
International Journal of Internet Protocol Technology
Antisocial Networks: Turning a Social Network into a Botnet
ISC '08 Proceedings of the 11th international conference on Information Security
Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure
ACM Transactions on Information and System Security (TISSEC)
IEEE/ACM Transactions on Networking (TON)
DoSTRACK: a system for defending against DoS attacks
Proceedings of the 2009 ACM symposium on Applied Computing
Understanding the efficacy of deployed internet source address validation filtering
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Distributed packet pairing for reflector based DDoS attack mitigation
Computer Communications
Cooperative routers against DoS attacks
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Defending DDoS attacks using hidden Markov models and cooperative reinforcement learning
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Extracting attack sessions from real traffic with intrusion prevention systems
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Netalyzr: illuminating the edge network
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
A queue model to detect DDos attacks
CTS'05 Proceedings of the 2005 international conference on Collaborative technologies and systems
Depth-in-defense approach against DDoS
ISP'07 Proceedings of the 6th WSEAS international conference on Information security and privacy
ASAP: a low-latency transport layer
Proceedings of the ACM SIGCOMM 2011 conference
Protecting against DNS reflection attacks with Bloom filters
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Network attack detection at flow level
NEW2AN'11/ruSMART'11 Proceedings of the 11th international conference and 4th international conference on Smart spaces and next generation wired/wireless networking
Efficient defence against misbehaving TCP receiver DoS attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking
ASAP: a low-latency transport layer
Proceedings of the Seventh COnference on emerging Networking EXperiments and Technologies
Improved technique of IP address fragmentation strategies for dos attack traceback
CSR'06 Proceedings of the First international computer science conference on Theory and Applications
A novel rate limit algorithm against meek DDoS attacks
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Intrusion detection with CUSUM for TCP-Based DDoS
EUC'05 Proceedings of the 2005 international conference on Embedded and Ubiquitous Computing
Users and services in intelligent networks
AINTEC'05 Proceedings of the First Asian Internet Engineering conference on Technologies for Advanced Heterogeneous Networks
NS-2 based IP traceback simulation against reflector based DDoS attack
AIS'04 Proceedings of the 13th international conference on AI, Simulation, and Planning in High Autonomy Systems
Intrusion detection: introduction to intrusion detection and security information management
Foundations of Security Analysis and Design III
Tracing attackers with deterministic edge router marking (DERM)
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
RCS: a distributed mechanism against link flooding DDoS attacks
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
Authenticated IPv6 packet traceback against reflector based packet flooding attack
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part I
Victim-Assisted mitigation technique for TCP-Based reflector DDoS attacks
NETWORKING'05 Proceedings of the 4th IFIP-TC6 international conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communication Systems
Misusing unstructured p2p systems to perform dos attacks: the network that never forgets
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
SIP proxies: new reflectors in the internet
CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security
Using admissible interference to detect denial of service vulnerabilities
IWFM'03 Proceedings of the 6th international conference on Formal Methods
Tracking DDoS attacks: insights into the business of disrupting the web
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
LOT: A Defense Against IP Spoofing and Flooding Attacks
ACM Transactions on Information and System Security (TISSEC)
Fragmentation Considered Vulnerable
ACM Transactions on Information and System Security (TISSEC)
Detecting latent attack behavior from aggregated Web traffic
Computer Communications
POSTER: Reflected attacks abusing honeypots
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Attackers can render distributed denial-of-service attacks more difficult to defend against by bouncing their flooding traffic off of reflectors; that is, by spoofing requests from the victim to a large set of Internet servers that will in turn send their combined replies to the victim. The resulting dilution of locality in the flooding stream complicates the victim's abilities both to isolate the attack traffic in order to block it, and to use traceback techniques for locating the source of streams of packets with spoofed source addresses, such as ITRACE [Be00a], probabilistic packet marking [SWKA00], [SP01], and SPIE [S+01]. We discuss a number of possible defenses against reflector attacks, finding that most prove impractical, and then assess the degree to which different forms of reflector traffic will have characteristic signatures that the victim can use to identify and filter out the attack traffic. Our analysis indicates that three types of reflectors pose particularly significant threats: DNS and Gnutella servers, and TCP-based servers (particularly Web servers) running on TCP implementations that suffer from predictable initial sequence numbers. We argue in conclusion in support of "reverse ITRACE" [Ba00] and for the utility of packet traceback techniques that work even for low volume flows, such as SPIE.