Self-adjusting binary search trees
Journal of the ACM (JACM)
A case for caching file objects inside internetworks
SIGCOMM '93 Conference proceedings on Communications architectures, protocols and applications
Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
UMAC: Fast and Secure Message Authentication
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Defensive programming: using an annotation toolkit to build DoS-resistant software
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Using client puzzles to protect TLS
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Using graphic turing tests to counter automated DDoS attacks against web servers
Proceedings of the 10th ACM conference on Computer and communications security
SPV: secure path vector routing for securing BGP
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
A framework for malicious workload generation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Operational experiences with high-volume network intrusion detection
Proceedings of the 11th ACM conference on Computer and communications security
How to spread adversarial nodes?: rotate!
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
A robust system for accurate real-time summaries of internet traffic
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
A High Throughput String Matching Architecture for Intrusion Detection and Prevention
Proceedings of the 32nd annual international symposium on Computer Architecture
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Impeding attrition attacks in P2P systems
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Mitigating denial of service attacks: a tutorial
Journal of Computer Security
Average case vs. worst case: margins of safety in system design
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Towards a scalable and robust DHT
Proceedings of the eighteenth annual ACM symposium on Parallelism in algorithms and architectures
Fast and Robust TCP Session Lookup by Digest Hash
ICPADS '06 Proceedings of the 12th International Conference on Parallel and Distributed Systems - Volume 1
The shunt: an FPGA-based accelerator for network intrusion prevention
Proceedings of the 2007 ACM/SIGDA 15th international symposium on Field programmable gate arrays
Anticipatory distributed packet filter configurations for carrier-grade IP networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Building a reactive immune system for software services
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Attrition defenses for a peer-to-peer digital preservation system
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Tracking the role of adversaries in measuring unwanted traffic
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Very fast containment of scanning worms
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Robust TCP stream reassembly in the presence of adversaries
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Proceedings of the 14th ACM conference on Computer and communications security
Mitigating application-level denial of service attacks on Web servers: A client-transparent approach
ACM Transactions on the Web (TWEB)
A collaborative defense mechanism against SYN flooding attacks in IP networks
Journal of Network and Computer Applications
Deflating the big bang: fast and scalable deep packet inspection with extended finite automata
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Distributed Evasive Scan Techniques and Countermeasures
DIMVA '07 Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Opportunities and Limits of Remote Timing Attacks
ACM Transactions on Information and System Security (TISSEC)
Robust random number generation for peer-to-peer systems
Theoretical Computer Science
A middleware system for protecting against application level denial of service attacks
Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Resiliency of open-source firewalls against remote discovery of last-matching rules
Proceedings of the 2nd international conference on Security of information and networks
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Discovering last-matching rules in popular open-source and commercial firewalls
International Journal of Internet Protocol Technology
Toward sound-assisted intrusion detection systems
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
NETWORKING'08 Proceedings of the 7th international IFIP-TC6 networking conference on AdHoc and sensor networks, wireless networks, next generation internet
Data structures with unpredictable timing
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Robust and fast pattern matching for intrusion detection
INFOCOM'10 Proceedings of the 29th conference on Information communications
On the security of reliable server pooling systems
International Journal of Intelligent Information and Database Systems
Towards vulnerability-based intrusion detection with event processing
Proceedings of the 5th ACM international conference on Distributed event-based system
Energy attack on server systems
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
A middleware system for protecting against application level denial of service attacks
Middleware'06 Proceedings of the 7th ACM/IFIP/USENIX international conference on Middleware
Robust random number generation for peer-to-peer systems
OPODIS'06 Proceedings of the 10th international conference on Principles of Distributed Systems
A prevention model for algorithmic complexity attacks
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Commensal cuckoo: secure group partitioning for large-scale services
ACM SIGOPS Operating Systems Review
Robust distributed name service
IPTPS'04 Proceedings of the Third international conference on Peer-to-Peer Systems
Enhancing network intrusion detection with integrated sampling and filtering
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
SAFERPHP: finding semantic vulnerabilities in PHP applications
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
A proposal of extension of FMS-Based mechanism to find attack paths
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III
Towards net-centric cyber survivability for ballistic missile defense
ISARCS'10 Proceedings of the First international conference on Architecting Critical Systems
Sketching in Adversarial Environments
SIAM Journal on Computing
On the vulnerability of hardware hash tables to sophisticated attacks
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part I
Tolerating overload attacks against packet capturing systems
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Cobra: toward concurrent ballot authorization for internet voting
EVT/WOTE'12 Proceedings of the 2012 international conference on Electronic Voting Technology/Workshop on Trustworthy Elections
WAFFle: fingerprinting filter rules of web application firewalls
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
Resource-freeing attacks: improve your cloud performance (at your neighbor's expense)
Proceedings of the 2012 ACM conference on Computer and communications security
MCA2: multi-core architecture for mitigating complexity attacks
Proceedings of the eighth ACM/IEEE symposium on Architectures for networking and communications systems
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
Toddler: detecting performance problems via similar memory-access patterns
Proceedings of the 2013 International Conference on Software Engineering
Explicit authentication response considered harmful
Proceedings of the 2013 workshop on New security paradigms workshop
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
We present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures. Frequently used data structures have "average-case" expected running time that's far more efficient than the worst case. For example, both binary trees and hash tables can degenerate to linked lists with carefully chosen input. We show how an attacker can effectively compute such input, and we demonstrate attacks against the hash table implementations in two versions of Perl, the Squid web proxy, and the Bro intrusion detection system. Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. We show how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks.