Denial of service (DoS) attacks continue to threaten the reliability of networking systems. Previous approaches for protecting networks from DoS attacks are reactive in that they wait for an attack to be launched before taking appropriate measures to protect the network. This leaves the door open for other attacks that use more sophisticated methods to mask their traffic.

We propose an architecture called Secure Overlay Services (SOS) that proactively prevents DoS attacks, geared toward supporting Emergency Services or similar types of communication. The architecture is constructed using a combination of secure overlay tunneling, routing via consistent hashing, and filtering. We reduce the probability of successful attacks by (i) performing intensive filtering near protected network edges, pushing the attack point perimeter into the core of the network, where high-speed routers can handle the volume of attack traffic, and (ii) introducing randomness and anonymity into the architecture, making it difficult for an attacker to target nodes along the path to a specific SOS-protected destination.

Using simple analytical models, we evaluate the likelihood that an attacker can successfully launch a DoS attack against an SOS-protected network. Our analysis demonstrates that such an architecture reduces the likelihood of a successful attack to minuscule levels.