Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Network support for IP traceback
IEEE/ACM Transactions on Networking (TON)
An algebraic approach to IP traceback
ACM Transactions on Information and System Security (TISSEC)
An analysis of using reflectors for distributed denial-of-service attacks
ACM SIGCOMM Computer Communication Review
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
AFBV: a scalable packet classification algorithm
ACM SIGCOMM Computer Communication Review
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
IEEE/ACM Transactions on Networking (TON)
Sustaining Availability of Web Services under Distributed Denial of Service Attacks
IEEE Transactions on Computers
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
Preventing Internet denial-of-service with capabilities
ACM SIGCOMM Computer Communication Review
Change-Point Monitoring for the Detection of DoS Attacks
IEEE Transactions on Dependable and Secure Computing
Scalable packet classification
IEEE/ACM Transactions on Networking (TON)
Packet classification in large ISPs: design and evaluation of decision tree classifiers
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Enhanced Internet security by a distributed traffic control service based on traffic ownership
Journal of Network and Computer Applications
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Wide-area Internet traffic patterns and characteristics
IEEE Network: The Magazine of Global Internetworking
Simulation for intrusion-resilient, DDoS-resistant authentication system (IDAS)
Proceedings of the 2008 Spring simulation multiconference
FireCol: a collaborative protection network for the detection of flooding DDoS attacks
IEEE/ACM Transactions on Networking (TON)
| Hi-index | 0.00 |
In this paper, we present a scheme that protects legitimate traffic from the large volume of attackers packets during a DDoS attack. Legitimate packets can be recognized by the tokens they carry in the IP header. Obtaining a token does not require protocol additions or changes, rather it is automatically obtained when a TCP connection is established. We believe that the Implicit Token Scheme (ITS) has numerous advantages: (1) It is totally transparent to clients. (2) No new protocols or modification of existing ones is needed to implement ITS. (3) Operations required by intermediate routers are computationally not more intensive than a couple of addition operations which could be easily done at wire-speed. (4) Does not lead to false positives. (5) Can sustain server availability even during attacks involving hundreds of thousands of attackers.