The end-to-end effects of Internet path selection
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
An end-to-end approach to host mobility
MobiCom '00 Proceedings of the 6th annual international conference on Mobile computing and networking
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
Chord: A scalable peer-to-peer lookup service for internet applications
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Network support for IP traceback
IEEE/ACM Transactions on Networking (TON)
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
An algebraic approach to IP traceback
ACM Transactions on Information and System Security (TISSEC)
Tarzan: a peer-to-peer anonymizing network layer
Proceedings of the 9th ACM conference on Computer and communications security
IEEE/ACM Transactions on Networking (TON)
Measuring ISP topologies with rocketfuel
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Topology inference from BGP routing dynamics
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Security Considerations for Peer-to-Peer Distributed Hash Tables
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Overcast: reliable multicasting with on overlay network
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Using graphic turing tests to counter automated DDoS attacks against web servers
Proceedings of the 10th ACM conference on Computer and communications security
Taming IP packet flooding attacks
ACM SIGCOMM Computer Communication Review
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
A system for authenticated policy-compliant routing
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
A layered naming architecture for the internet
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
New client puzzle outsourcing techniques for DoS resistance
Proceedings of the 11th ACM conference on Computer and communications security
Adaptive Distributed Traffic Control Service for DDoS Attack Mitigation
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
A DoS-limiting network architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Towards an evolvable internet architecture
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Countering DoS attacks with stateless multipath overlays
Proceedings of the 12th ACM conference on Computer and communications security
Understanding when location-hiding using overlay networks is feasible
Computer Networks: The International Journal of Computer and Telecommunications Networking - Overlay distribution structures and their applications
On the Effectiveness of Secure Overlay Forwarding Systems under Intelligent Distributed DoS Attacks
IEEE Transactions on Parallel and Distributed Systems
Tabu marking scheme to speedup IP traceback
Computer Networks: The International Journal of Computer and Telecommunications Networking
LIPS: a lightweight permit system for packet source origin accountability
Computer Networks: The International Journal of Computer and Telecommunications Networking
Stateful DDoS attacks and targeted filtering
Journal of Network and Computer Applications
Enhanced Internet security by a distributed traffic control service based on traffic ownership
Journal of Network and Computer Applications
Active internet traffic filtering: real-time response to denial-of-service attacks
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Cookies along trust-boundaries (CAT): accurate and deployable flood protection
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Empirical study of tolerating denial-of-service attacks with a proxy network
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
An end-middle-end approach to connection establishment
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
AID: A global anti-DoS service
Computer Networks: The International Journal of Computer and Telecommunications Networking
Keeping Denial-of-Service Attackers in the Dark
IEEE Transactions on Dependable and Secure Computing
Building resilient low-diameter peer-to-peer topologies
Computer Networks: The International Journal of Computer and Telecommunications Networking
Power to the people: securing the internet one edge at a time
Proceedings of the 2007 workshop on Large scale attack defense
Phalanx: withstanding multimillion-node botnets
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Simulation for intrusion-resilient, DDoS-resistant authentication system (IDAS)
Proceedings of the 2008 Spring simulation multiconference
Fidelity of network simulation and emulation: A case study of TCP-targeted denial of service attacks
ACM Transactions on Modeling and Computer Simulation (TOMACS)
TVA: a DoS-limiting network architecture
IEEE/ACM Transactions on Networking (TON)
Secure and policy-compliant source routing
IEEE/ACM Transactions on Networking (TON)
A2M: Access-Assured Mobile Desktop Computing
ISC '09 Proceedings of the 12th International Conference on Information Security
Scalable network-layer defense against internet bandwidth-flooding attacks
IEEE/ACM Transactions on Networking (TON)
Understanding when location-hiding using overlay networks is feasible
Computer Networks: The International Journal of Computer and Telecommunications Networking - Overlay distribution structures and their applications
WebSOS: an overlay-based system for protecting web servers from denial of service attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
A survey of network virtualization
Computer Networks: The International Journal of Computer and Telecommunications Networking
Content delivery networks: protection or threat?
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
A survey on the design, applications, and enhancements of application-layer overlay networks
ACM Computing Surveys (CSUR)
NetFence: preventing internet denial of service from inside out
Proceedings of the ACM SIGCOMM 2010 conference
Evaluation of QoS-compliant overlays under denial of service attacks
SpringSim '10 Proceedings of the 2010 Spring Simulation Multiconference
On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks
SpringSim '10 Proceedings of the 2010 Spring Simulation Multiconference
OverCourt: DDoS mitigation through credit-based traffic segregation and path migration
Computer Communications
dfence: transparent network-based denial of service mitigation
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Experience report: trading dependability, performance, and security through temporal decoupling
Proceedings of the 11th IFIP WG 6.1 international conference on Distributed applications and interoperable systems
On enabling dependability assurance in heterogeneous networks through automated model-based analysis
SERENE'11 Proceedings of the Third international conference on Software engineering for resilient systems
Lessons for autonomic services from the design of an anonymous dos protection overlay
AN'06 Proceedings of the First IFIP TC6 international conference on Autonomic Networking
Keeping denial-of-service attackers in the dark
DISC'05 Proceedings of the 19th international conference on Distributed Computing
A multilayer overlay network architecture for enhancing IP services availability against dos
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Proceedings of the International Conference on Advances in Computing, Communications and Informatics
An incrementally deployable path address scheme
Journal of Parallel and Distributed Computing
A denial-of-service resistant DHT
DISC'07 Proceedings of the 21st international conference on Distributed Computing
Capability-Based Defenses Against DoS Attacks in Multi-path MANET Communications
Wireless Personal Communications: An International Journal
Spread Identity: A new dynamic address remapping mechanism for anonymity and DDoS defense
Journal of Computer Security
Hi-index | 0.00 |
Mayday is an architecture that combines overlay networks with lightweight packet filtering to defend against denial of service attacks. The overlay nodes perform client authentication and protocol verification, and then relay the requests to a protected server. The server is protected from outside attack by simple packet filtering rules that can be efficiently deployed even in backbone routers. Mayday generalizes earlier work on Secure Overlay Services. Mayday improves upon this prior work by separating the overlay routing and the filtering, and providing a more powerful set of choices for each. Through this generalization, Mayday supports several different schemes that provide different balances of security and performance, continuum, and supports mechanisms that achieve better security or better performance than earlier systems. To evaluate both Mayday and previous work, we also present several practical attacks, two of them novel, that are effective against filtering-based systems.