Communications of the ACM
An analysis of security incidents on the Internet 1989-1995
An analysis of security incidents on the Internet 1989-1995
Resource containers: a new facility for resource management in server systems
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Defending against denial of service attacks in Scout
OSDI '99 Proceedings of the third symposium on Operating systems design and implementation
Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
The OSU Flow-tools Package and CISCO NetFlow Logs
LISA '00 Proceedings of the 14th USENIX conference on System administration
Tracing Anonymous Packets to Their Approximate Source
LISA '00 Proceedings of the 14th USENIX conference on System administration
Centertrack: an IP overlay network for tracking DoS floods
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Characteristics of network traffic flow anomalies
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Characteristics of fragmented IP traffic on internet links
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Protecting electronic commerce from distributed denial-of-service attacks
Proceedings of the 11th international conference on World Wide Web
Controlling high bandwidth aggregates in the network
ACM SIGCOMM Computer Communication Review
Efficient packet marking for large-scale IP traceback
Proceedings of the 9th ACM conference on Computer and communications security
Query-flood DoS attacks in gnutella
Proceedings of the 9th ACM conference on Computer and communications security
Journal of Network and Systems Management
Beyond folklore: observations on fragmented traffic
IEEE/ACM Transactions on Networking (TON)
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
An Evaluation of Different IP Traceback Approaches
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Dynamically Fault-Tolerant Content Addressable Networks
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Providing Process Origin Information to Aid in Network Traceback
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Peer Pressure: Distributed Recovery from Attacks in Peer-to-Peer Systems
Revised Papers from the NETWORKING 2002 Workshops on Web Engineering and Peer-to-Peer Computing
Design and Implementation of FPGA Circuits for High Speed Network Monitors
FPL '02 Proceedings of the Reconfigurable Computing Is Going Mainstream, 12th International Conference on Field-Programmable Logic and Applications
Comparing Data Streams Using Hamming Norms (How to Zero In)
IEEE Transactions on Knowledge and Data Engineering
Internet intrusions: global characteristics and prevalence
SIGMETRICS '03 Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A practical method to counteract denial of service attacks
ACSC '03 Proceedings of the 26th Australasian computer science conference - Volume 16
Pi: A Path Identification Mechanism to Defend against DDoS Attacks
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
The effectiveness of request redirection on CDN robustness
ACM SIGOPS Operating Systems Review - OSDI '02: Proceedings of the 5th symposium on Operating systems design and implementation
A Path Information Caching and Aggregation Approach to Traffic Source Identification
ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
IEEE Security and Privacy
Using graphic turing tests to counter automated DDoS attacks against web servers
Proceedings of the 10th ACM conference on Computer and communications security
Hop-count filtering: an effective defense against spoofed DDoS traffic
Proceedings of the 10th ACM conference on Computer and communications security
Simulating realistic network worm traffic for worm warning system design and testing
Proceedings of the 2003 ACM workshop on Rapid malcode
Distributed Management Architecture for Cooperative Detection and Reaction to DDoS Attacks
Journal of Network and Systems Management
Tracing DDoS Floods: An Automated Approach
Journal of Network and Systems Management
Preventing Internet denial-of-service with capabilities
ACM SIGCOMM Computer Communication Review
Accurate, scalable in-network identification of p2p traffic using application signatures
Proceedings of the 13th international conference on World Wide Web
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
Analyzing internet voting security
Communications of the ACM - Voting systems
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
On scalable attack detection in the network
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Toward understanding distributed blackhole placement
Proceedings of the 2004 ACM workshop on Rapid malcode
Operational experiences with high-volume network intrusion detection
Proceedings of the 11th ACM conference on Computer and communications security
On the difficulty of scalably detecting network attacks
Proceedings of the 11th ACM conference on Computer and communications security
A holistic approach to service survivability
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
Attack resistant cache replacement for survivable services
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
Change-Point Monitoring for the Detection of DoS Attacks
IEEE Transactions on Dependable and Secure Computing
The effectiveness of request redirection on CDN robustness
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Providing process origin information to aid in computer forensic investigations
Journal of Computer Security
Perimeter-Based Defense against High Bandwidth DDoS Attacks
IEEE Transactions on Parallel and Distributed Systems
Authenticity and availability in PIPE networks
Future Generation Computer Systems - Special issue: P2P computing and interaction with grids
The Blaster Worm: Then and Now
IEEE Security and Privacy
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Greynets: a definition and evaluation of sparsely populated darknets
Proceedings of the 2005 ACM SIGCOMM workshop on Mining network data
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Optimal positioning of active and passive monitoring devices
CoNEXT '05 Proceedings of the 2005 ACM conference on Emerging network experiment and technology
Monitoring the Macroscopic Effect of DDoS Flooding Attacks
IEEE Transactions on Dependable and Secure Computing
Countering DoS attacks with stateless multipath overlays
Proceedings of the 12th ACM conference on Computer and communications security
Worm evolution tracking via timing analysis
Proceedings of the 2005 ACM workshop on Rapid malcode
Denial-of-Service Attack-Detection Techniques
IEEE Internet Computing
IP Easy-pass: a light-weight network-edge resource access control
IEEE/ACM Transactions on Networking (TON)
IEEE Transactions on Dependable and Secure Computing
IDGraphs: Intrusion Detection and Analysis Using Stream Compositing
IEEE Computer Graphics and Applications
Novel Hybrid Schemes Employing Packet Marking and Logging for IP Traceback
IEEE Transactions on Parallel and Distributed Systems
IEEE Transactions on Dependable and Secure Computing
A novel approach to detecting DDoS Attacks at an Early Stage
The Journal of Supercomputing
Mitigating denial of service attacks: a tutorial
Journal of Computer Security
A survivable DoS-resistant overlay network
Computer Networks: The International Journal of Computer and Telecommunications Networking
Exploiting P2P systems for DDoS attacks
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
Analysis of traceback techniques
ACSW Frontiers '06 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
Towards scalable and robust distributed intrusion alert fusion with good load balancing
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Protecting TCP services from denial of service attacks
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Analyzing large DDoS attacks using multiple data sources
Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense
Internet-scale malware mitigation: combining intelligence of the control and data plane
Proceedings of the 4th ACM workshop on Recurring malcode
Dynamic probabilistic packet marking for efficient IP traceback
Computer Networks: The International Journal of Computer and Telecommunications Networking
Stateful DDoS attacks and targeted filtering
Journal of Network and Computer Applications
Collaborative detection and filtering of shrew DDoS attacks using spectral analysis
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
On scalable attack detection in the network
IEEE/ACM Transactions on Networking (TON)
On deterministic packet marking
Computer Networks: The International Journal of Computer and Telecommunications Networking
Computer Networks: The International Journal of Computer and Telecommunications Networking
Surviving internet catastrophes
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Data reduction for the scalable automated analysis of distributed darknet traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Combining filtering and statistical methods for anomaly detection
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Exploiting underlying structure for detailed reconstruction of an internet-scale event
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Collaborating against common enemies
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
The spoofer project: inferring the extent of source address filtering on the internet
SRUTI'05 Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop
Efficient and secure source authentication with packet passports
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Revealing botnet membership using DNSBL counter-intelligence
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Leveraging good intentions to reduce unwanted network traffic
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Privacy-preserving sharing and correction of security alerts
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Mapping internet sensors with probe response attacks
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Vulnerabilities of passive internet threat monitors
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
On the effectiveness of distributed worm monitoring
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Mayday: distributed filtering for internet services
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies
IEEE Transactions on Dependable and Secure Computing
A queueing analysis for the denial of service (DoS) attacks in computer networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Network intrusion detection through Adaptive Sub-Eigenspace Modeling in multiagent systems
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Comparing data streams using Hamming norms (how to zero in)
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Collaborative Detection of DDoS Attacks over Multiple Network Domains
IEEE Transactions on Parallel and Distributed Systems
Keeping Denial-of-Service Attackers in the Dark
IEEE Transactions on Dependable and Secure Computing
Distributed set-expression cardinality estimation
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Distributed change-point detection of DDoS attacks: experimental results on DETER testbed
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
Pollution attacks and defenses for Internet caching systems
Computer Networks: The International Journal of Computer and Telecommunications Networking
Journal of Parallel and Distributed Computing
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
Proceedings of the 2007 workshop on Large scale attack defense
Origins: an approach to trace fast spreading worms to their roots
International Journal of Security and Networks
Single packet IP traceback in AS-level partial deployment scenario
International Journal of Security and Networks
BotHunter: detecting malware infection through IDS-driven dialog correlation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Packet forwarding with source verification
Computer Networks: The International Journal of Computer and Telecommunications Networking
GONE: an infrastructure overlay for resilient, DoS-limiting networking
Proceedings of the 2006 international workshop on Network and operating systems support for digital audio and video
Characterizing Dark DNS Behavior
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Queueing Analysis for Networks Under DoS Attack
ICCSA '08 Proceedings of the international conference on Computational Science and Its Applications, Part II
Traffic Aggregation for Malware Detection
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Distinguishing between FE and DDoS Using Randomness Check
ISC '08 Proceedings of the 11th international conference on Information Security
Correcting congestion-based error in network telescope's observations of worm dynamics
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
A data mining approach for analysis of worm activity through automatic signature generation
Proceedings of the 1st ACM workshop on Workshop on AISec
Fidelity of network simulation and emulation: A case study of TCP-targeted denial of service attacks
ACM Transactions on Modeling and Computer Simulation (TOMACS)
Traffic flooding attack detection with SNMP MIB using SVM
Computer Communications
Design and Implementation of an SNMP-Based Traffic Flooding Attack Detection System
APNOMS '08 Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management: Challenges for Next Generation Network Operations and Service Management
On Modeling Counteraction against TCP SYN Flooding
Information Networking. Towards Ubiquitous Networking and Services
Minimizing False Positives of a Decision Tree Classifier for Intrusion Detection on the Internet
Journal of Network and Systems Management
SS'08 Proceedings of the 17th conference on Security symposium
IEEE/ACM Transactions on Networking (TON)
TVA: a DoS-limiting network architecture
IEEE/ACM Transactions on Networking (TON)
Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
DIMVA '09 Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
SMEs and Cybersecurity Threats in E-Commerce
The EDP Audit, Control, and Security Newsletter
A2M: Access-Assured Mobile Desktop Computing
ISC '09 Proceedings of the 12th International Conference on Information Security
Application of anomaly detection algorithms for detecting SYN flooding attacks
Computer Communications
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
A survivable DoS-resistant overlay network
Computer Networks: The International Journal of Computer and Telecommunications Networking
Your botnet is my botnet: analysis of a botnet takeover
Proceedings of the 16th ACM conference on Computer and communications security
Characterising Anomalous Events Using Change - Point Correlation on Unsolicited Network Traffic
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Detecting Ringing-Based DoS Attacks on VoIP Proxy Servers
Information Security Applications
Fast traffic anomalies detection using SNMP MIB correlation analysis
ICACT'09 Proceedings of the 11th international conference on Advanced Communication Technology - Volume 1
An empirical study of malware evolution
COMSNETS'09 Proceedings of the First international conference on COMmunication Systems And NETworks
Preventing SYN flood DoS attacks: an improvement to SYN cookies
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
A theoretical approach to parameter value selection of probabilistic packet marking for IP traceback
AINTEC '09 Asian Internet Engineering Conference
Differential privacy for collaborative security
Proceedings of the Third European Workshop on System Security
Tools and technology for computer forensics: research and development in Hong Kong
ISPEC'07 Proceedings of the 3rd international conference on Information security practice and experience
Detecting distributed denial of service attacks by sharing distributed beliefs
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
A proposal for DoS-defensive internet key exchange
ICCSA'03 Proceedings of the 2003 international conference on Computational science and its applications: PartII
The automatic peer-to-peer signature for source address validation
KES'07/WIRN'07 Proceedings of the 11th international conference, KES 2007 and XVII Italian workshop on neural networks conference on Knowledge-based intelligent information and engineering systems: Part I
Vortex: enabling cooperative selective wormholing for network security systems
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Malware in IEEE 802.11 wireless networks
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
Traffic growth analysis over three years in enterprise networks
APCC'09 Proceedings of the 15th Asia-Pacific conference on Communications
HiFIND: A high-speed flow-level intrusion detection approach with DoS resiliency
Computer Networks: The International Journal of Computer and Telecommunications Networking
Dependability metrics
SYN flooding attack detection based on entropy computing
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Automatically generating models for botnet detection
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Modeling human behavior for defense against flash-crowd attacks
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
A survey of IP traceback mechanisms to overcome denial-of-service attacks
ICNVS'10 Proceedings of the 12th international conference on Networking, VLSI and signal processing
A survey on the design, applications, and enhancements of application-layer overlay networks
ACM Computing Surveys (CSUR)
Journal of Intelligent Manufacturing
International Journal of Network Management
Internet background radiation revisited
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Temporally oblivious anomaly detection on large networks using functional peers
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
A queue model to detect DDos attacks
CTS'05 Proceedings of the 2005 international conference on Collaborative technologies and systems
Benchmarks for DDoS defense evaluation
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Mitigating DoS attack through selective bin verification
NPSEC'05 Proceedings of the First international conference on Secure network protocols
Privacy-preserving network forensics
Communications of the ACM
Properties and Evolution of Internet Traffic Networks from Anonymized Flow Data
ACM Transactions on Internet Technology (TOIT)
Detection of TCP attacks using SOM with fast nearest-neighbor search
NN'05 Proceedings of the 6th WSEAS international conference on Neural networks
Automated remote repair for mobile malware
Proceedings of the 27th Annual Computer Security Applications Conference
Guaranteeing access in spite of distributed service-flooding attacks
Proceedings of the 11th international conference on Security Protocols
Intrusion detection of DoS/DDoS and probing attacks for web services
WAIM'05 Proceedings of the 6th international conference on Advances in Web-Age Information Management
A novel rate limit algorithm against meek DDoS attacks
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Detecting SYN flooding attacks near innocent side
MSN'05 Proceedings of the First international conference on Mobile Ad-hoc and Sensor Networks
SVM approach with CTNT to detect DDoS attacks in grid computing
GCC'05 Proceedings of the 4th international conference on Grid and Cooperative Computing
A new DDoS detection model using multiple SVMs and TRA
EUC'05 Proceedings of the 2005 international conference on Embedded and Ubiquitous Computing
Formal analysis and improvement of the state transition model for intrusion tolerant system
WINE'05 Proceedings of the First international conference on Internet and Network Economics
Traffic anomaly detection and characterization in the tunisian national university network
NETWORKING'06 Proceedings of the 5th international IFIP-TC6 conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems
A comprehensive categorization of DDoS attack and DDoS defense techniques
ADMA'06 Proceedings of the Second international conference on Advanced Data Mining and Applications
A novel technique for detecting DDoS attacks at its early stage
ISPA'04 Proceedings of the Second international conference on Parallel and Distributed Processing and Applications
An adaptive edge marking based hierarchical IP traceback system
ICCNMC'05 Proceedings of the Third international conference on Networking and Mobile Computing
A pointillist approach for comparing honeypots
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
LSAD: lightweight SYN flooding attack detector
ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology
RCS: a distributed mechanism against link flooding DDoS attacks
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
A hypothesis testing based scalable TCP scan detection
ICOIN'06 Proceedings of the 2006 international conference on Information Networking: advances in Data Communications and Wireless Networks
A comparison between divergence measures for network anomaly detection
Proceedings of the 7th International Conference on Network and Services Management
PISA: automatic extraction of traffic signatures
NETWORKING'05 Proceedings of the 4th IFIP-TC6 international conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communication Systems
Keeping denial-of-service attackers in the dark
DISC'05 Proceedings of the 19th international conference on Distributed Computing
Assessment of a vulnerability in iterative servers enabling low-rate dos attacks
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
The nepenthes platform: an efficient approach to collect malware
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Detecting DDoS attacks based on multi-stream fused HMM in source-end network
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
Low rate dos attack to monoprocess servers
SPC'06 Proceedings of the Third international conference on Security in Pervasive Computing
LOT: A Defense Against IP Spoofing and Flooding Attacks
ACM Transactions on Information and System Security (TISSEC)
DDoS flooding attack detection scheme based on F-divergence
Computer Communications
Anomaly detection methods in wired networks: a survey and taxonomy
Computer Communications
SYN flooding attack detection by TCP handshake anomalies
Security and Communication Networks
Distributed denial-of-service attack detection scheme-based joint-entropy
Security and Communication Networks
Classifying internet one-way traffic
Proceedings of the 2012 ACM conference on Internet measurement conference
International Journal of Information Security and Privacy
Dissecting SpyEye - Understanding the design of third generation botnets
Computer Networks: The International Journal of Computer and Telecommunications Networking
Network Anomaly Detection Using Co-clustering
ASONAM '12 Proceedings of the 2012 International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2012)
Measurement and modeling of paging channel overloads on a cellular network
Computer Networks: The International Journal of Computer and Telecommunications Networking
An in-depth analysis on traffic flooding attacks detection and system using data mining techniques
Journal of Systems Architecture: the EUROMICRO Journal
Hi-index | 0.02 |
In this paper, we seek to answer a simple question: "How prevalent are denial-of-service attacks in the Internet today?". Our motivation is to understand quantitatively the nature of the current threat as well as to enable longer-term analyses of trends and recurring patterns of attacks. We present a new technique, called "backscatter analysis", that provides an estimate of worldwide denial-of-service activity. We use this approach on three week-long datasets to assess the number, duration and focus of attacks, and to characterize their behavior. During this period, we observe more than 12,000 attacks against more than 5,000 distinct targets, ranging from well known e-commerce companies such as Amazon and Hotmail to small foreign ISPs and dial-up connections. We believe that our work is the only publically available data quantifying denial-of-service activity in the Internet.