Launching a denial of service (DoS) attack is trivial, but detection and response is a painfully slow and often manual process. Automatic classification of attacks as single- or multi-source can help focus a response, but current packet-header-based approaches are susceptible to spoofing. This paper introduces a framework for classifying DoS attacks based on header content, and novel techniques such as transient ramp-up behavior and spectral analysis. Although headers are easily forged, we show that characteristics of attack ramp-up and attack spectrum are more difficult to spoof. To evaluate our framework, we monitored access links of a regional ISP, detecting 80 live attacks. Header analysis identified the number of attackers in 67 attacks, while the remaining 13 attacks were classified based on ramp-up and spectral analysis. We validate our results through monitoring at a second site, controlled experiments, and simulation. We use experiments and simulation to understand the underlying reasons for the characteristics observed. In addition to helping understand attack dynamics, classification mechanisms such as ours are important for the development of realistic models of DoS traffic, can be packaged as an automated tool to aid in rapid response to attacks, and can also be used to estimate the level of DoS activity on the Internet.