We present congestion puzzles (CP), a new countermeasure to bandwidth-exhaustion attacks. Like other defenses based on client puzzles, CP attempts to force attackers to invest vast resources in order to effectively perform denial-of-service attacks. Unlike previous puzzle-based approaches, however, ours is the first designed for the bandwidth-exhaustion attacks that are common at the network (IP) layer. At the core of CP is an elegant distributed puzzle mechanism that permits routers to cooperatively impose and check puzzles. We demonstrate through analysis and simulation that CP can effectively defend networks from flooding attacks without relying on the formulation of attack signatures to filter traffic. Moreover, as many such attacks are conducted by "zombie" computers that have been silently commandeered without the knowledge of their owners, the overheads that CP imposes on heavily engaged zombies can increase the likelihood that the computer's owner detects the compromise and takes action to remedy it.