There is currently an urgent need for effective solutions against distributed denial-of-service (DDoS) attacks directed at many well-known Web sites. Because of the increased sophistication and severity of these attacks, the system administrator of a victim site needs to quickly and accurately identify the probable attackers and eliminate the attack traffic. Our work is based on a probabilistic marking algorithm in which an attack graph can be constructed by a victim site. We extend the basic concept such that one can quickly and efficiently deduce the intensity of the "local traffic" generated at each router in the attack graph based on the volume of received marked packets at the victim site. Given the intensities of these local traffic rates, we can rank the local traffic and identify the network domains generating most of the attack traffic. We present our traceback and attacker identification algorithms. We also provide a theoretical framework to determine the minimum stable time t_{min}, which is the minimum time needed to accurately determine the locations of attackers and local traffic rates of participating routers in the attack graph. Extensive experiments are carried out to illustrate that one can accurately determine the minimum stable time t_{min} and, at the same time, determine the location of attackers under various threshold parameters, network diameters, attack traffic distributions, on/off patterns, and network traffic conditions.