Recent denial-of-service attacks are mounted by professionals using botnets of tens of thousands of compromised machines. To circumvent detection, attackers are increasingly moving away from bandwidth floods to attacks that mimic the Web browsing behavior of a large number of clients and target expensive higher-layer resources such as CPU, database and disk bandwidth. The resulting attacks are hard to defend against using standard techniques, as the malicious requests differ from the legitimate ones in intent but not in content. We present the design and implementation of Kill-Bots, a kernel extension to protect Web servers against DDoS attacks that masquerade as flash crowds. Kill-Bots provides authentication using graphical tests but is different from other systems that use graphical tests. First, Kill-Bots uses an intermediate stage to identify the IP addresses that ignore the test and persistently bombard the server with requests despite repeated failures at solving the tests. These machines are bots because their intent is to congest the server. Once these machines are identified, Kill-Bots blocks their requests, turns the graphical tests off, and allows access to legitimate users who are unable or unwilling to solve graphical tests. Second, Kill-Bots sends a test and checks the client's answer without allowing unauthenticated clients access to sockets, TCBs, and worker processes. Thus, it protects the authentication mechanism from being DDoSed. Third, Kill-Bots combines authentication with admission control. As a result, it improves performance, regardless of whether the server overload is caused by DDoS or a true flash crowd.
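The intermediate stage described above, as an added Python sketch that is not code from Kill-Bots or its authors: requests that keep arriving without a solved test are counted per IP, offenders are blocked, and tests are then turned off so that users who never solved a test are served again. The class name, the `max_unsolved` and `quiet_requests` thresholds, and the rule used to decide that the bots have been identified are assumptions; the trace is constructed.

```python
from collections import defaultdict

class TwoStageGate:
    """Stage 1 serves a test to every unauthenticated request and counts
    unanswered tests per IP; stage 2 turns tests off but keeps the blocks."""

    def __init__(self, max_unsolved=3, quiet_requests=4):
        self.max_unsolved = max_unsolved      # assumed threshold
        self.quiet_requests = quiet_requests  # assumed "bots identified" rule
        self.unsolved = defaultdict(int)
        self.blocked = set()
        self.tests_on = True
        self.since_last_block = 0

    def handle(self, ip, solved=False):
        if ip in self.blocked:
            return "drop"
        if not self.tests_on:
            return "serve"                    # non-solvers admitted again
        if solved:
            self.unsolved[ip] = 0
            verdict = "serve"
        else:
            self.unsolved[ip] += 1
            if self.unsolved[ip] > self.max_unsolved:
                self.blocked.add(ip)          # keeps hammering, never answers
                self.since_last_block = 0
                return "drop"
            verdict = "test"
        self.since_last_block += 1
        if self.blocked and self.since_last_block >= self.quiet_requests:
            self.tests_on = False
        return verdict

def replay(trace):
    gate = TwoStageGate()
    return [gate.handle(ip, solved) for ip, solved in trace], gate

# Constructed trace (documentation address ranges): two bots, one user who
# solves the test, one user who never does.
BOT_A, BOT_B = "192.0.2.10", "192.0.2.11"
SOLVER, NONSOLVER = "198.51.100.5", "198.51.100.6"
TRACE = ([(BOT_A, False), (BOT_B, False)] * 4 + [(NONSOLVER, False)]
         + [(SOLVER, True)] * 4 + [(NONSOLVER, False), (BOT_A, False)])

if __name__ == "__main__":
    decisions, gate = replay(TRACE)
    for (ip, _), verdict in zip(TRACE, decisions):
        print(f"{ip:15} {verdict}")
    print("blocked:", sorted(gate.blocked), "tests_on:", gate.tests_on)
```

In the replay, the non-solving user is handed a test while stage one is active and is served without one after the tests are switched off, while both bot addresses stay blocked.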