Resource containers: a new facility for resource management in server systems
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Pricing via Processing or Combatting Junk Mail
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
A Toolkit for User-Level File Systems
Proceedings of the General Track: 2002 USENIX Annual Technical Conference
Defending Against Denial-of-Service Attacks with Puzzle Auctions
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Using graphic turing tests to counter automated DDoS attacks against web servers
Proceedings of the 10th ACM conference on Computer and communications security
Telling humans and computers apart automatically
Communications of the ACM - Information cities
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
The design and implementation of a next generation name service for the internet
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
An empirical study of "bogon" route advertisements
ACM SIGCOMM Computer Communication Review
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Designing DCCP: congestion control without reliability
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Understanding the network-level behavior of spammers
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Building secure high-performance web services with OKWS
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
System support for bandwidth management and content adaptation in internet applications
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Reval: a tool for real-time evaluation of DDoS mitigation strategies
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
LADS: large-scale automated DDOS detection system
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Securing web service by automatic robot detection
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
Inside the spam cartel
Mitigating DoS attack through selective bin verification
NPSEC'05 Proceedings of the First international conference on Secure network protocols
Guaranteeing access in spite of distributed service-flooding attacks
Proceedings of the 11th international conference on Security Protocols
Packet-level traffic measurements from the Sprint IP backbone
IEEE Network: The Magazine of Global Internetworking
An edge-to-edge filtering architecture against DoS
ACM SIGCOMM Computer Communication Review
Portcullis: protecting connection setup from denial-of-capability attacks
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Collaborative Detection of DDoS Attacks over Multiple Network Domains
IEEE Transactions on Parallel and Distributed Systems
Distributed change-point detection of DDoS attacks: experimental results on DETER testbed
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Phalanx: withstanding multimillion-node botnets
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
To filter or to authorize: network-layer DoS defense against multimillion-node botnets
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Remote profiling of resource constraints of web servers using mini-flash crowds
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Removing exponential backoff from TCP
ACM SIGCOMM Computer Communication Review
Fast autonomous system traceback
Journal of Network and Computer Applications
DDoS-shield: DDoS-resilient scheduling to counter application layer attacks
IEEE/ACM Transactions on Networking (TON)
IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks
IEICE - Transactions on Information and Systems
Making Byzantine fault tolerant systems tolerate Byzantine faults
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Modeling and emulation of internet paths
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Not-a-Bot: improving service availability in the face of botnet attacks
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
A DoS-resilient information system for dynamic data management
Proceedings of the twenty-first annual symposium on Parallelism in algorithms and architectures
Towards behavioral control in multi-player network games
GameNets'09 Proceedings of the First ICST international conference on Game Theory for Networks
Communities of interest for internet traffic prioritization
INFOCOM'09 Proceedings of the 28th IEEE international conference on Computer Communications Workshops
ACM Transactions on Computer Systems (TOCS)
Unified defense against DDoS attacks
NETWORKING'07 Proceedings of the 6th international IFIP-TC6 conference on Ad Hoc and sensor networks, wireless networks, next generation internet
Modeling human behavior for defense against flash-crowd attacks
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
NetFence: preventing internet denial of service from inside out
Proceedings of the ACM SIGCOMM 2010 conference
OverCourt: DDoS mitigation through credit-based traffic segregation and path migration
Computer Communications
Small trusted primitives for dependable systems
ACM SIGOPS Operating Systems Review
WDA: A Web farm Distributed Denial Of Service attack attenuator
Computer Networks: The International Journal of Computer and Telecommunications Networking
Adversarial security: getting to the root of the problem
iNetSec'10 Proceedings of the 2010 IFIP WG 11.4 international conference on Open research problems in network security
dfence: transparent network-based denial of service mitigation
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Conflict on a communication channel
Proceedings of the 30th annual ACM SIGACT-SIGOPS symposium on Principles of distributed computing
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
Classification of UDP traffic for DDoS detection
LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
How well can congestion pricing neutralize denial of service attacks?
Proceedings of the 12th ACM SIGMETRICS/PERFORMANCE joint international conference on Measurement and Modeling of Computer Systems
Stable availability under denial of service attacks through formal patterns
FASE'12 Proceedings of the 15th international conference on Fundamental Approaches to Software Engineering
Resource-competitive analysis: a new perspective on attack-resistant distributed computing
FOMC '12 Proceedings of the 8th International Workshop on Foundations of Mobile Computing
Secure client puzzles based on random beacons
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part II
Adaptive selective verification: an efficient adaptive countermeasure to thwart DoS attacks
IEEE/ACM Transactions on Networking (TON)
Reducing web latency: the virtue of gentle aggression
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
IRIS: a robust information system against insider dos-attacks
Proceedings of the twenty-fifth annual ACM symposium on Parallelism in algorithms and architectures
Capability-Based Defenses Against DoS Attacks in Multi-path MANET Communications
Wireless Personal Communications: An International Journal
Hi-index | 0.00 |
This paper presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth and will react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidth. This result makes the defense viable and effective for a class of real attacks.