Communications of the ACM
An analysis of security incidents on the Internet 1989-1995
An analysis of security incidents on the Internet 1989-1995
Resource containers: a new facility for resource management in server systems
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Defending against denial of service attacks in Scout
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Internet intrusions: global characteristics and prevalence
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
The OSU Flow-tools Package and CISCO NetFlow Logs
LISA '00 Proceedings of the 14th USENIX conference on System administration
Tracing Anonymous Packets to Their Approximate Source
LISA '00 Proceedings of the 14th USENIX conference on System administration
An analysis of internet content delivery systems
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Organization-based analysis of web-object sharing and caching
USITS'99 Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems - Volume 2
Proceedings of the 3rd international workshop on Visualization for computer security
Non-intrusive IP traceback for DDoS attacks
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Modifying first person shooter games to perform real time network monitoring and control tasks
NetGames '06 Proceedings of 5th ACM SIGCOMM workshop on Network and system support for games
Defense against spoofed IP traffic using hop-count filtering
IEEE/ACM Transactions on Networking (TON)
A taxonomy for denial of service attacks in content-based publish/subscribe systems
Proceedings of the 2007 inaugural international conference on Distributed event-based systems
Fishing for phishes: applying capture-recapture methods to estimate phishing populations
Proceedings of the anti-phishing working groups 2nd annual eCrime researchers summit
Spamscatter: characterizing internet scam hosting infrastructure
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Packet forwarding with source verification
Computer Networks: The International Journal of Computer and Telecommunications Networking
Evaluating the partial deployment of an AS-level IP traceback system
Proceedings of the 2008 ACM symposium on Applied computing
Implementing IDS Management on Lock-Keeper
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Not-a-Bot: improving service availability in the face of botnet attacks
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Understanding the efficacy of deployed internet source address validation filtering
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
A cascade architecture for DoS attacks detection based on the wavelet transform
Journal of Computer Security
An AS-level overlay network for IP traceback
IEEE Network: The Magazine of Global Internetworking - Special issue title on recent developments in network intrusion detection
A Labeled Data Set for Flow-Based Intrusion Detection
IPOM '09 Proceedings of the 9th IEEE International Workshop on IP Operations and Management
P2P-AIS: a P2P artificial immune systems architecture for detecting DDoS flooding attacks
GIIS'09 Proceedings of the Second international conference on Global Information Infrastructure Symposium
Preventing drive-by download via inter-module communication monitoring
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Unified rate limiting in broadband access networks for defeating internet worms and DDoS attacks
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
A distributed detecting method for SYN flood attacks and its implementation using mobile agents
MATES'09 Proceedings of the 7th German conference on Multiagent system technologies
On the use of computational geometry to detect software faults at runtime
Proceedings of the 7th international conference on Autonomic computing
Measurement data reduction through variation rate metering
INFOCOM'10 Proceedings of the 29th conference on Information communications
The impact of dynamic adversarial attacks on the stability of heterogeneous multimedia networks
Computer Communications
Passive IP traceback: capturing the origin of anonymous traffic through network telescopes
Proceedings of the ACM SIGCOMM 2010 conference
Mapping the urban wireless landscape with Argos
Proceedings of the 8th ACM Conference on Embedded Networked Sensor Systems
Tiered incentives for integrity based queuing
Proceedings of the 2010 Workshop on Economics of Networks, Systems, and Computation
Small trusted primitives for dependable systems
ACM SIGOPS Operating Systems Review
A new statistical approach to DNS traffic anomaly detection
ADMA'10 Proceedings of the 6th international conference on Advanced data mining and applications - Volume Part II
An integrated approach to cryptographic mitigation of denial-of-service attacks
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
From biological and social network metaphors to coupled bio-social wireless networks
International Journal of Autonomous and Adaptive Communications Systems
IP trace back techniques to ferret out denial of service attack source
ISP'07 Proceedings of the 6th WSEAS international conference on Information security and privacy
A survey on automatic configuration of virtual private networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
SLA-based complementary approach for network intrusion detection
Computer Communications
Accurate network anomaly classification with generalized entropy metrics
Computer Networks: The International Journal of Computer and Telecommunications Networking
Multi-stage change-point detection scheme for large-scale simultaneous events
Computer Communications
Analysis of country-wide internet outages caused by censorship
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
ACM SIGCOMM Computer Communication Review
A network activity classification schema and its application to scan detection
IEEE/ACM Transactions on Networking (TON)
Intra-domain IP traceback using OSPF
Computer Communications
One-way traffic monitoring with iatmon
PAM'12 Proceedings of the 13th international conference on Passive and Active Measurement
Review: Analyzing well-known countermeasures against distributed denial of service attacks
Computer Communications
A Time-Series Pattern Based Noise Generation Strategy for Privacy Protection in Cloud Computing
CCGRID '12 Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012)
A basic model for proactive event-driven computing
Proceedings of the 6th ACM International Conference on Distributed Event-Based Systems
Efficient modular exponentiation-based puzzles for denial-of-service protection
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Adaptive selective verification: an efficient adaptive countermeasure to thwart DoS attacks
IEEE/ACM Transactions on Networking (TON)
Collaborative behavior visualization and its detection by observing darknet traffic
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
VASE: Filtering IP spoofing traffic with agility
Computer Networks: The International Journal of Computer and Telecommunications Networking
Massive scale cyber traffic analysis: a driver for graph database research
First International Workshop on Graph Data Management Experiences and Systems
On changing the culture of empirical internet assessment
ACM SIGCOMM Computer Communication Review
Detecting denial of service by modelling web-server behaviour
Computers and Electrical Engineering
| Hi-index | 0.00 |
In this article, we seek to address a simple question: “How prevalent are denial-of-service attacks in the Internet?” Our motivation is to quantitatively understand the nature of the current threat as well as to enable longer-term analyses of trends and recurring patterns of attacks. We present a new technique, called “backscatter analysis,” that provides a conservative estimate of worldwide denial-of-service activity. We use this approach on 22 traces (each covering a week or more) gathered over three years from 2001 through 2004. Across this corpus we quantitatively assess the number, duration, and focus of attacks, and qualitatively characterize their behavior. In total, we observed over 68,000 attacks directed at over 34,000 distinct victim IP addresses---ranging from well-known e-commerce companies such as Amazon and Hotmail to small foreign ISPs and dial-up connections. We believe our technique is the first to provide quantitative estimates of Internet-wide denial-of-service activity and that this article describes the most comprehensive public measurements of such activity to date.