Distributed denial-of-service (DDoS) attacks present an Internet-wide threat. We propose D-WARD, a DDoS defense system deployed at source-end networks that autonomously detects and stops attacks originating from these networks. Attacks are detected by the constant monitoring of two-way traffic flows between the network and the rest of the Internet and periodic comparison with normal flow models. Mismatching flows are rate-limited in proportion to their aggressiveness. D-WARD offers good service to legitimate traffic even during an attack, while effectively reducing DDoS traffic to a negligible level. A prototype of the system has been built in a Linux router. We show its effectiveness in various attack scenarios, discuss motivations for deployment, and describe associated costs.
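The detect-and-limit loop the abstract describes, as an added sketch that is not code from the D-WARD prototype. The normal flow model used here (a maximum ratio of packets sent to packets received), the threshold values, the limit formula and the immediate lifting of limits are all assumptions made for illustration; the abstract does not specify them.

```python
from __future__ import annotations
from dataclasses import dataclass

# Assumed values for this sketch; the abstract does not specify the flow model.
MAX_SENT_TO_RECV = 3.0  # normal model: at most 3 packets sent per packet received
MIN_RATE = 1.0          # packets/s floor, so a limited flow can still prove itself

@dataclass
class Flow:
    sent: int = 0                # packets leaving the source network
    received: int = 0            # packets returned by the remote destination
    limit: float | None = None   # packets/s cap, None means unlimited

def aggressiveness(flow: Flow) -> float:
    """Relative excess of the sent/received ratio over the model (0.0 = compliant)."""
    ratio = flow.sent / max(flow.received, 1)
    return max(0.0, ratio / MAX_SENT_TO_RECV - 1.0)

def review(flows: dict[str, Flow], interval_s: float) -> dict[str, float | None]:
    """Periodic comparison against the model; returns the new limit per destination."""
    decisions = {}
    for dst, flow in flows.items():
        excess = aggressiveness(flow)
        if excess > 0.0:
            base = flow.limit if flow.limit is not None else flow.sent / interval_s
            flow.limit = max(MIN_RATE, base / (1.0 + excess))  # bigger mismatch, deeper cut
        else:
            flow.limit = None  # compliant again: lift the limit (simplified recovery)
        decisions[dst] = flow.limit
        flow.sent = flow.received = 0  # open a new observation window
    return decisions

def demo() -> list[dict[str, float | None]]:
    # Constructed counters for two destinations (documentation address ranges).
    flows = {"198.51.100.7": Flow(sent=9000, received=10),
             "203.0.113.20": Flow(sent=120, received=100)}
    history = [review(flows, interval_s=1.0)]
    # Next window: the limited flow still gets no replies, the other stays normal.
    flows["198.51.100.7"].sent, flows["198.51.100.7"].received = 30, 0
    flows["203.0.113.20"].sent, flows["203.0.113.20"].received = 110, 95
    history.append(review(flows, interval_s=1.0))
    return history

if __name__ == "__main__":
    for window, decisions in enumerate(demo(), start=1):
        print(window, decisions)
```

The one-sided flow is cut from 9000 to 30 packets/s in the first window and to 3 packets/s in the second, while the flow with balanced two-way traffic is never limited.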