Defending against denial of service attacks in Scout
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
Broadcast Encryption's Bright Future
Computer
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
A Method to Implement a Denial of Service Protection Base
ACISP '97 Proceedings of the Second Australasian Conference on Information Security and Privacy
Towards Network Denial of Service Resistant Protocols
Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures
A Formal Framework and Evaluation Method for Network Denial of Service
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Disseminating Security Updates at Internet Scale
Disseminating Security Updates at Internet Scale
Analysis of a Denial of Service Attack on TCP
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
MULTOPS: a data-structure for bandwidth attack detection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
D-WARD: A Source-End Defense against Flooding Denial-of-Service Attacks
IEEE Transactions on Dependable and Secure Computing
Survey of network-based defense mechanisms countering the DoS and DDoS problems
ACM Computing Surveys (CSUR)
A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks
IEEE Transactions on Parallel and Distributed Systems
IEEE/ACM Transactions on Networking (TON)
Design of the host guard firewall for network protection
ISP'08 Proceedings of the 7th WSEAS international conference on Information security and privacy
Impact of sanitized message flows in a cooperative intrusion warning system
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Multilateral decisions for collaborative defense against unsolicited bulk e-mail
iTrust'06 Proceedings of the 4th international conference on Trust Management
AAIM'06 Proceedings of the Second international conference on Algorithmic Aspects in Information and Management
Distributed defense against distributed denial-of-service attacks
ICA3PP'05 Proceedings of the 6th international conference on Algorithms and Architectures for Parallel Processing
Users and services in intelligent networks
AINTEC'05 Proceedings of the First Asian Internet Engineering conference on Technologies for Advanced Heterogeneous Networks
Botnet tracking: exploring a root-cause methodology to prevent distributed denial-of-service attacks
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Review: Analyzing well-known countermeasures against distributed denial of service attacks
Computer Communications
An orchestration approach for unwanted Internet traffic identification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Queue management as a DoS counter-measure?
ISC'07 Proceedings of the 10th international conference on Information Security
Hi-index | 0.00 |
Currently, there is no effective defense against large-scale distributed denial-of-service (DDoS) attacks. While numerous DDoS defense systems exist that offer excellent protection from specific attack types and scenarios, they can frequently be defeated by an attacker aware of their weaknesses. A necessary requirement for successful DDoS defense is wide deployment, but none of these systems can guarantee wide deployment simply because deployment depends more on market and social aspects than on the technical performance of the system.To successfully handle the DDoS threat we must abandon the current paradigm---the design of defense systems that operate in isolation---and shift toward a new paradigm, a distributed framework of heterogeneous systems that cooperate to achieve an effective defense. Heterogeneity is dictated by two major factors. First, the necessary requirements for a successful defense are detection, response and traffic differentiation. These requirements must be met at disjoint points in the Internet and require a disjoint set of functionalities from the defense systems. Second, heterogeneity is dictated by the current state of the DDoS defense field in which numerous systems exist that can offer similar performance and compete for market share. In this paper we show how the paradigm shift can be accomplished quickly and painlessly through the design of DefCOM, a distributed framework that enables the exchange of information and services between existing defense nodes.