Trajectory sampling for direct traffic observation
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Network support for IP traceback
IEEE/ACM Transactions on Networking (TON)
An algebraic approach to IP traceback
ACM Transactions on Information and System Security (TISSEC)
An analysis of using reflectors for distributed denial-of-service attacks
ACM SIGCOMM Computer Communication Review
Tradeoffs in probabilistic packet marking for IP traceback
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
IEEE/ACM Transactions on Networking (TON)
Computer
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Pricing via Processing or Combatting Junk Mail
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Analysis of a Denial of Service Attack on TCP
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Using client puzzles to protect TLS
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
Taming IP packet flooding attacks
ACM SIGCOMM Computer Communication Review
The session token protocol for forensics and traceback
ACM Transactions on Information and System Security (TISSEC)
Security in wireless mobile and sensor networks
Wireless communications systems and networks
Loose source routing as a mechanism for traffic policies
Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture
On scalable attack detection in the network
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
New client puzzle outsourcing techniques for DoS resistance
Proceedings of the 11th ACM conference on Computer and communications security
Mitigating bandwidth-exhaustion attacks using congestion puzzles
Proceedings of the 11th ACM conference on Computer and communications security
Change-Point Monitoring for the Detection of DoS Attacks
IEEE Transactions on Dependable and Secure Computing
A Mutual Anonymous Peer-to-Peer Protocol Design
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Papers - Volume 01
Adaptive Distributed Traffic Control Service for DDoS Attack Mitigation
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
Provider-Based Deterministic Packet Marking against Distributed DoS Attacks
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
Tabu Marking Scheme for IP Traceback
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
Trade-offs in probabilistic packet marking for IP traceback
Journal of the ACM (JACM)
Providing process origin information to aid in computer forensic investigations
Journal of Computer Security
Perimeter-Based Defense against High Bandwidth DDoS Attacks
IEEE Transactions on Parallel and Distributed Systems
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Secure time synchronization service for sensor networks
Proceedings of the 4th ACM workshop on Wireless security
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
IP Easy-pass: a light-weight network-edge resource access control
IEEE/ACM Transactions on Networking (TON)
IEEE Transactions on Dependable and Secure Computing
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Protecting TCP services from denial of service attacks
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
A practical and robust inter-domain marking scheme for IP traceback
Computer Networks: The International Journal of Computer and Telecommunications Networking
Dynamic probabilistic packet marking for efficient IP traceback
Computer Networks: The International Journal of Computer and Telecommunications Networking
Tabu marking scheme to speedup IP traceback
Computer Networks: The International Journal of Computer and Telecommunications Networking
BASE: an incrementally deployable mechanism for viable IP spoofing prevention
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Provider-based deterministic packet marking against distributed DoS attacks
Journal of Network and Computer Applications
Enhanced Internet security by a distributed traffic control service based on traffic ownership
Journal of Network and Computer Applications
An edge-to-edge filtering architecture against DoS
ACM SIGCOMM Computer Communication Review
On scalable attack detection in the network
IEEE/ACM Transactions on Networking (TON)
Defense against spoofed IP traffic using hop-count filtering
IEEE/ACM Transactions on Networking (TON)
On deterministic packet marking
Computer Networks: The International Journal of Computer and Telecommunications Networking
Active internet traffic filtering: real-time response to denial-of-service attacks
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Efficient and secure source authentication with packet passports
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks
IEEE Transactions on Parallel and Distributed Systems
A measurement study on overhead distribution of value-added internet services
Computer Networks: The International Journal of Computer and Telecommunications Networking
Portcullis: protecting connection setup from denial-of-capability attacks
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
AID: A global anti-DoS service
Computer Networks: The International Journal of Computer and Telecommunications Networking
/*icomment: bugs or bad comments?*/
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
A Comprehensive Framework for Enhancing Security in InfiniBand Architecture
IEEE Transactions on Parallel and Distributed Systems
Keeping Denial-of-Service Attackers in the Dark
IEEE Transactions on Dependable and Secure Computing
AS-based accountability as a cost-effective DDoS defense
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Learning the valid incoming direction of IP packets
Computer Networks: The International Journal of Computer and Telecommunications Networking
Minimizing collateral damage by proactive surge protection
Proceedings of the 2007 workshop on Large scale attack defense
Protecting information infrastructure from DDoS attacks by MADF
International Journal of High Performance Computing and Networking
Vulnerabilities in distance-indexed IP traceback schemes
International Journal of Security and Networks
SRUTI'07 Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet
Packet forwarding with source verification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Secure Time Synchronization in Sensor Networks
ACM Transactions on Information and System Security (TISSEC)
Passport: secure and adoptable source authentication
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Simulation and Analysis of DDoS in Active Defense Environment
Computational Intelligence and Security
ICCS '07 Proceedings of the 7th international conference on Computational Science, Part IV: ICCS 2007
Proactive surge protection: a defense mechanism for bandwidth-based attacks
SS'08 Proceedings of the 17th conference on Security symposium
IEEE/ACM Transactions on Networking (TON)
TVA: a DoS-limiting network architecture
IEEE/ACM Transactions on Networking (TON)
On the state of IP spoofing defense
ACM Transactions on Internet Technology (TOIT)
Traffic Engineering Based Attack Detection in Active Networks
ICDCN '09 Proceedings of the 10th International Conference on Distributed Computing and Networking
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Communities of interest for internet traffic prioritization
INFOCOM'09 Proceedings of the 28th IEEE international conference on Computer Communications Workshops
Proactive surge protection: a defense mechanism for bandwidth-based attacks
IEEE/ACM Transactions on Networking (TON)
DDoS attack detection using K-Nearest Neighbor classifier method
Telehealth/AT '08 Proceedings of the IASTED International Conference on Telehealth/Assistive Technologies
Unified defense against DDoS attacks
NETWORKING'07 Proceedings of the 6th international IFIP-TC6 conference on Ad Hoc and sensor networks, wireless networks, next generation internet
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Tiered incentives for integrity based queuing
Proceedings of the 2010 Workshop on Economics of Networks, Systems, and Computation
WDA: A Web farm Distributed Denial Of Service attack attenuator
Computer Networks: The International Journal of Computer and Telecommunications Networking
dfence: transparent network-based denial of service mitigation
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
DMIPS: defensive mechanism against IP spoofing
ACISP'11 Proceedings of the 16th Australasian conference on Information security and privacy
Intelligent DDoS packet filtering in high-speed networks
ISPA'05 Proceedings of the Third international conference on Parallel and Distributed Processing and Applications
Safeguard information infrastructure against DDoS attacks: experiments and modeling
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
A comprehensive categorization of DDoS attack and DDoS defense techniques
ADMA'06 Proceedings of the Second international conference on Advanced Data Mining and Applications
Enable a trustworthy network by source address spoofing prevention routers: a formal description
EUC'06 Proceedings of the 2006 international conference on Emerging Directions in Embedded and Ubiquitous Computing
A dynamic path identification mechanism to defend against DDoS attacks
ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
An intelligent approach of packet marking at edge router for IP traceback
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part III
Tracing attackers with deterministic edge router marking (DERM)
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
RCS: a distributed mechanism against link flooding DDoS attacks
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
A hypothesis testing based scalable TCP scan detection
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
Keeping denial-of-service attackers in the dark
DISC'05 Proceedings of the 19th international conference on Distributed Computing
Path attestation scheme to avert DDoS flood attacks
NETWORKING'10 Proceedings of the 9th IFIP TC 6 international conference on Networking
DDoS defense mechanisms: a new taxonomy
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
Tracking DDoS attacks: insights into the business of disrupting the web
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Collaborative scheme for VoIP traceback
Digital Investigation: The International Journal of Digital Forensics & Incident Response
An incrementally deployable path address scheme
Journal of Parallel and Distributed Computing
NSS'12 Proceedings of the 6th international conference on Network and System Security
Survey Cyber security in the Smart Grid: Survey and challenges
Computer Networks: The International Journal of Computer and Telecommunications Networking
Capability-Based Defenses Against DoS Attacks in Multi-path MANET Communications
Wireless Personal Communications: An International Journal
Hi-index | 0.00 |
Distributed Denial of Service (DDoS) attacks continueto plague the Internet. Defense against these attacksis complicated by spoofed source IP addresses,which make it difficult to determine a packet's true origin.We propose Pi (short for Path Identifier), a newpacket marking approach in which a path fingerprint isembedded in each packet, enabling a victim to identifypackets traversing the same paths through the Interneton a per packet basis, regardless of source IP addressspoofing.Pi features many unique properties. It is a per-packetdeterministic mechanism: each packet traveling alongthe same path carries the same identifier. This allowsthe victim to take a proactive role in defending againsta DDoS attack by using the Pi mark to filter out packetsmatching the attackers' identifiers on a per packet basis.The Pi scheme performs well under large-scale DDoSattacks consisting of thousands of attackers, and is effectiveeven when only half the routers in the Internetparticipate in packet marking. Pi marking and filteringare both extremely light-weight and require negligiblestate.We use traceroute maps of real Internet topologies(e.g. CAIDA's Skitter [5] and Burch and Cheswick's InternetMap [3, 14]) to simulate DDoS attacks and validateour design.