Survey of network-based defense mechanisms countering the DoS and DDoS problems

Authors:
Tao Peng;Christopher Leckie;Kotagiri Ramamohanarao
Affiliations:
Department of Computer Science and Software Engineering, The University of Melbourne, Australia;Department of Computer Science and Software Engineering, The University of Melbourne, Australia;Department of Computer Science and Software Engineering, The University of Melbourne, Australia
Venue:
ACM Computing Surveys (CSUR)
Year:
2007

Citing 43
Cited 46

A note on denial-of-service in operating systems

IEEE Transactions on Software Engineering
An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
The design philosophy of the DARPA internet protocols

SIGCOMM '88 Symposium proceedings on Communications architectures and protocols
With microscope and tweezers: the worm from MIT's perspective

Communications of the ACM
Random early detection gateways for congestion avoidance

IEEE/ACM Transactions on Networking (TON)
Denial of service: an example

Communications of the ACM
TCP/IP illustrated (vol. 2): the implementation

TCP/IP illustrated (vol. 2): the implementation
Link-sharing and resource management models for packet networks

IEEE/ACM Transactions on Networking (TON)
Defending against denial of service attacks in Scout

OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Practical network support for IP traceback

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Space/time trade-offs in hash coding with allowable errors

Communications of the ACM
Protecting web servers from distributed denial of service attacks

Proceedings of the 10th international conference on World Wide Web
Hash-based IP traceback

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
An algebraic approach to IP traceback

ACM Transactions on Information and System Security (TISSEC)
An analysis of using reflectors for distributed denial-of-service attacks

ACM SIGCOMM Computer Communication Review
A survey of web caching schemes for the Internet

ACM SIGCOMM Computer Communication Review
Controlling high bandwidth aggregates in the network

ACM SIGCOMM Computer Communication Review
Defeating Distributed Denial of Service Attacks

IT Professional
Denial-of-Service Attacks Rip the Internet

Computer
Improving Security Using Extensible Lightweight Static Analysis

IEEE Software
SOS: secure overlay services

Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Attacking DDoS at the Source

ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
CDIS: Towards a Computer Immune System for Detecting Network Intrusions

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Adjusted Probabilistic Packet Marking for IP Traceback

NETWORKING '02 Proceedings of the Second International IFIP-TC6 Networking Conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; and Mobile and Wireless Communications
A practical method to counteract denial of service attacks

ACSC '03 Proceedings of the 26th Australasian computer science conference - Volume 16
GOSSIB vs. IP Traceback Rumors

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
A framework for classifying denial of service attacks

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Analysis of a Denial of Service Attack on TCP

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Using graphic turing tests to counter automated DDoS attacks against web servers

Proceedings of the 10th ACM conference on Computer and communications security
Alliance formation for DDoS defense

Proceedings of the 2003 workshop on New security paradigms
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
On scalable attack detection in the network

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)

Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security)
Tracing Anonymous Packets to Their Approximate Source

LISA '00 Proceedings of the 14th USENIX conference on System administration
Analyzing Distributed Denial of Service Tools: The Shaft Case

LISA '00 Proceedings of the 14th USENIX conference on System administration
Denial of Service against the Domain Name System

IEEE Security and Privacy
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds

NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Centertrack: an IP overlay network for tracking DoS floods

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
MULTOPS: a data-structure for bandwidth attack detection

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
SP 800-58. Security Considerations for Voice Over IP Systems

SP 800-58. Security Considerations for Voice Over IP Systems
Defending against flooding-based distributed denial-of-service attacks: a tutorial

IEEE Communications Magazine
Network intrusion and fault detection: a statistical anomaly approach

IEEE Communications Magazine

On the Design and Performance of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID and Collaborative Workflow Environments

Simulation
Assessing the risk of intercepting VoIP calls

Computer Networks: The International Journal of Computer and Telecommunications Networking
Engineering of Software-Intensive Systems: State of the Art and Research Challenges

Software-Intensive Systems and New Computing Paradigms
Trustworthy clients: Extending TNC to web-based environments

Computer Communications
An efficient analytical solution to thwart DDoS attacks in public domain

Proceedings of the International Conference on Advances in Computing, Communication and Control
DoSTRACK: a system for defending against DoS attacks

Proceedings of the 2009 ACM symposium on Applied Computing
Reducing the costs of large-scale BFT replication

LADIS '08 Proceedings of the 2nd Workshop on Large-Scale Distributed Systems and Middleware
Multiobjective classification with moGEP: an application in the network traffic domain

Proceedings of the 11th Annual conference on Genetic and evolutionary computation
Intrusion Detection System for Denial-of-Service flooding attacks in SIP communication networks

International Journal of Security and Networks
Design of the host guard firewall for network protection

ISP'08 Proceedings of the 7th WSEAS international conference on Information security and privacy
TrueIP: prevention of IP spoofing attacks using identity-based cryptography

Proceedings of the 2nd international conference on Security of information and networks
Visual support for analyzing network traffic and intrusion detection events using TreeMap and graph representations

Proceedings of the Symposium on Computer Human Interaction for the Management of Information Technology
DoS-resistant ID-based password authentication scheme using smart cards

Journal of Systems and Software
The curse of ease of access to the internet

ICISS'07 Proceedings of the 3rd international conference on Information systems security
Lightweight opportunistic tunneling (LOT)

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Memory-efficient IP filtering for countering DDoS attacks

APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services
Strategies for network resilience: capitalising on policies

AIMS'10 Proceedings of the Mechanisms for autonomous management of networks and services, and 4th international conference on Autonomous infrastructure, management and security
Collaborative intrusion detection framework: characteristics, adversarial opportunities and countermeasures

CollSec'10 Proceedings of the 2010 international conference on Collaborative methods for security and privacy
Detection of multicast video flooding attack using the pattern of bandwidth provisioning efficiency

IEEE Communications Letters
Black-box approach for testing quality of service in case of security incidents on the example of a SIP-based VoIP service: work in progress

Principles, Systems and Applications of IP Telecommunications
DDoS detection and traceback with decision tree and grey relational analysis

International Journal of Ad Hoc and Ubiquitous Computing
Countering jamming attacks against an authentication and key agreement protocol for mobile satellite communications

Computers and Electrical Engineering
Counteracting DDoS attacks in WLAN

Proceedings of the 4th international conference on Security of information and networks
Distributed denial of service is a scalability problem

ACM SIGCOMM Computer Communication Review
Trust mechanisms in wireless sensor networks: Attack analysis and countermeasures

Journal of Network and Computer Applications
Improved anomaly detection using block-matching denoising

Computer Communications
Detecting DNS amplification attacks

CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Classification of UDP traffic for DDoS detection

LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
LOT: A Defense Against IP Spoofing and Flooding Attacks

ACM Transactions on Information and System Security (TISSEC)
DDoS flooding attack detection scheme based on F-divergence

Computer Communications
A survey of main memory acquisition and analysis techniques for the windows operating system

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Secure client puzzles based on random beacons

IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part II
Flow level detection and filtering of low-rate DDoS

Computer Networks: The International Journal of Computer and Telecommunications Networking
Towards a bayesian network game framework for evaluating DDoS attacks and defense

Proceedings of the 2012 ACM conference on Computer and communications security
Denial of service mitigation approach for IPv6-enabled smart object networks

Concurrency and Computation: Practice & Experience
A novel hybrid IP traceback scheme with packet counters

IDCS'12 Proceedings of the 5th international conference on Internet and Distributed Computing Systems
FireCol: a collaborative protection network for the detection of flooding DDoS attacks

IEEE/ACM Transactions on Networking (TON)
Methodologies for evaluating game theoretic defense against DDoS attacks

Proceedings of the Winter Simulation Conference
Security challenges in embedded systems

ACM Transactions on Embedded Computing Systems (TECS) - Special section on ESTIMedia'12, LCTES'11, rigorous embedded systems design, and multiprocessor system-on-chip for cyber-physical systems
A Mutual Authentication Protocol with Resynchronisation Capability for Mobile Satellite Communications

International Journal of Information Security and Privacy
Detecting latent attack behavior from aggregated Web traffic

Computer Communications
A survey of security issues in hardware virtualization

ACM Computing Surveys (CSUR)
A confidence-based filtering method for DDoS attack defense in cloud environment

Future Generation Computer Systems
Analyzing and defending against web-based malware

ACM Computing Surveys (CSUR)
Backscatter from the data plane - Threats to stability and security in information-centric network infrastructure

Computer Networks: The International Journal of Computer and Telecommunications Networking
sShield: small DDoS defense system using RIP-based traffic deflection in autonomous system

The Journal of Supercomputing

Quantified Score

Hi-index	0.00

Visualization

Abstract

This article presents a survey of denial of service attacks and the methods that have been proposed for defense against these attacks. In this survey, we analyze the design decisions in the Internet that have created the potential for denial of service attacks. We review the state-of-art mechanisms for defending against denial of service attacks, compare the strengths and weaknesses of each proposal, and discuss potential countermeasures against each defense mechanism. We conclude by highlighting opportunities for an integrated solution to solve the problem of distributed denial of service attacks.