Congestion avoidance and control
SIGCOMM '88 Symposium proceedings on Communications architectures and protocols
Defending against denial of service attacks in Scout
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
A Method to Implement a Denial of Service Protection Base
ACISP '97 Proceedings of the Second Australasian Conference on Information Security and Privacy
Experience with EMERALD to Date
Proceedings of the Workshop on Intrusion Detection and Network Monitoring
NCA '03 Proceedings of the Second IEEE International Symposium on Network Computing and Applications
Analysis of a Denial of Service Attack on TCP
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Alliance formation for DDoS defense
Proceedings of the 2003 workshop on New security paradigms
D-ward: source-end defense against distributed denial-of-service attacks
D-ward: source-end defense against distributed denial-of-service attacks
An integrated experimental environment for distributed systems and networks
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
MULTOPS: a data-structure for bandwidth attack detection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
A self-aware approach to denial of service defence
Computer Networks: The International Journal of Computer and Telecommunications Networking
Collaborative Detection of DDoS Attacks over Multiple Network Domains
IEEE Transactions on Parallel and Distributed Systems
Distributed change-point detection of DDoS attacks: experimental results on DETER testbed
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Simulation and Analysis of DDoS in Active Defense Environment
Computational Intelligence and Security
Multi-Agent Reinforcement Learning for Intrusion Detection: A Case Study and Evaluation
MATES '08 Proceedings of the 6th German conference on Multiagent System Technologies
A novel approach in securing DDoS attack
CSTST '08 Proceedings of the 5th international conference on Soft computing as transdisciplinary science and technology
Traffic Engineering Based Attack Detection in Active Networks
ICDCN '09 Proceedings of the 10th International Conference on Distributed Computing and Networking
Information Security Journal: A Global Perspective
DDoSniffer: Detecting DDoS attack at the source agents
International Journal of Advanced Media and Communication
A backpressure technique for filtering spoofed traffic at upstream routers
International Journal of Security and Networks
Highspeed and flexible source-end DDoS protection system using IXP2400 network processor
IPOM'07 Proceedings of the 7th IEEE international conference on IP operations and management
Don't tread on me: moderating access to OSN data with spikestrip
WOSN'10 Proceedings of the 3rd conference on Online social networks
DDoS detection and traceback with decision tree and grey relational analysis
International Journal of Ad Hoc and Ubiquitous Computing
Users and services in intelligent networks
AINTEC'05 Proceedings of the First Asian Internet Engineering conference on Technologies for Advanced Heterogeneous Networks
DDoS defense mechanisms: a new taxonomy
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
A multilayer overlay network architecture for enhancing IP services availability against dos
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
How well can congestion pricing neutralize denial of service attacks?
Proceedings of the 12th ACM SIGMETRICS/PERFORMANCE joint international conference on Measurement and Modeling of Computer Systems
Review: Analyzing well-known countermeasures against distributed denial of service attacks
Computer Communications
DDoS flooding attack detection scheme based on F-divergence
Computer Communications
An orchestration approach for unwanted Internet traffic identification
Computer Networks: The International Journal of Computer and Telecommunications Networking
A hybrid defense mechanism for DDoS attacks using cluster analysis in MANET
Proceedings of the International Conference on Advances in Computing, Communications and Informatics
Thwarting DDoS attacks in grid using information divergence
Future Generation Computer Systems
| Hi-index | 0.00 |
Defenses against flooding distributed denial-of-service (DDoS) commonly respond to the attack by dropping the excess traffic, thus reducing the overload at the victim. The major challenge is the differentiation of the legitimate from the attack traffic, so that the dropping policies can be selectively applied. We propose D-WARD, a source-end DDoS defense system that achieves autonomous attack detection and surgically accurate response, thanks to its novel traffic profiling techniques, the adaptive response and the source-end deployment. Moderate traffic volumes seen near the sources, even during the attacks, enable extensive statistics gathering and profiling, facilitating high response selectiveness. D-WARD inflicts an extremely low collateral damage to the legitimate traffic, while quickly detecting and severely rate-limiting outgoing attacks. D-WARD has been extensively evaluated in a controlled testbed environment and in real network operation. Results of selected tests are presented in the paper.