Network support for IP traceback
IEEE/ACM Transactions on Networking (TON)
IEEE/ACM Transactions on Networking (TON)
How to Own the Internet in Your Spare Time
Proceedings of the 11th USENIX Security Symposium
Gigascope: a stream database for network applications
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
A system for authenticated policy-compliant routing
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Analyzing large DDoS attacks using multiple data sources
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
An architecture for developing behavioral history
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
SANE: a protection architecture for enterprise networks
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Analysis of communities of interest in data networks
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
IEEE Network: The Magazine of Global Internetworking
Minimizing collateral damage by proactive surge protection
Proceedings of the 2007 workshop on Large scale attack defense
Unconstrained endpoint profiling (googling the internet)
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Proactive surge protection: a defense mechanism for bandwidth-based attacks
SS'08 Proceedings of the 17th conference on Security symposium
Communities of interest for internet traffic prioritization
INFOCOM'09 Proceedings of the 28th IEEE international conference on Computer Communications Workshops
Proactive surge protection: a defense mechanism for bandwidth-based attacks
IEEE/ACM Transactions on Networking (TON)
Googling the internet: profiling internet endpoints via the world wide web
IEEE/ACM Transactions on Networking (TON)
Mining large distributed log data in near real time
SLAML '11 Managing Large-scale Systems via the Analysis of System Logs and the Application of Machine Learning Techniques
FireCol: a collaborative protection network for the detection of flooding DDoS attacks
IEEE/ACM Transactions on Networking (TON)
A scalable network forensics mechanism for stealthy self-propagating attacks
Computer Communications
| Hi-index | 0.00 |
Most existing distributed denial-of-service (DDoS) mitigation proposals are reactive in nature, i.e., they are deployed to limit the damage caused by attacks after they are detected. In contrast, we present PRIMED, a proactive approach to DDoS mitigation that allows users to specify to their ISP a priori their (dis)interest in receiving traffic from particular network entities. Our solution employs communities of interest (COIs) to capture the collective past behavior of remote network entities and uses them to predict future behavior. Specifically, ISPs construct a network-wide bad COI that contains network entities who exhibited unwanted behavior in the past, and per-customer good COIs containing remote network entities that have previously engaged in legitimate communication with the customer. Our system uses these derived sets together with customer-specific policies to proactively mitigate DDoS attacks using existing router mechanisms. Indeed, preliminary lab testing shows that our approach is deployable on modern edge router platforms without degrading packet forwarding performance. This implies that our approach offers DDoS protection at a truly massive scale, i.e., every customer access link. Simulation results show that our approach improves protection against 91--93% of actual DDoS attacks on real customers---providing complete protection against 38--53% of such attacks---while slightly increasing vulnerability in only 5--7% of attacks.