DoSTRACK

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

DoSTRACK: a system for defending against DoS attacks

Full text

Pdf (461 KB)

Source

Symposium on Applied Computing archive
Proceedings of the 2009 ACM symposium on Applied Computing table of contents

Honolulu, Hawaii

SESSION: Computer networks track table of contents

Pages 47-53

Year of Publication: 2009

ISBN:978-1-60558-166-8

Authors

Udaya Kiran Tupakula	Macquarie University, North Ryde, Australia
Vijay Varadharajan	Macquarie University, North Ryde, Australia
Srini Rao Pandalaneni	Hewlett Packard, Rhodes, Australia

Sponsor

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 19, Downloads (12 Months): 114, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1529282.1529291 What is a DOI?

ABSTRACT

Denial of service (DoS) attacks are one of the complex problems in the current Internet. In this paper, we propose a system, DoSTRACK, that can efficiently deal with the TCP SYN and reflection Distributed Denial of Service (DDoS) attacks. We also describe a prototype implementation of our model with HP OpenView Network Node Manager (NNM) and discuss how our model can be beneficial to the DDoS victim and the ISP.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	CERT advisory CA-1996-21, "TCP SYN flooding and IP Spoofing Attacks", http://www.cert.org/advisories/CA-1996-21.html.
	2	Christoph L. Schuba , Ivan V. Krsul , Markus G. Kuhn , Eugene H. spafford , Aurobindo Sundaram , Diego Zamboni, Analysis of a Denial of Service Attack on TCP, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.208, May 04-07, 1997
	3	CERT advisory CA-1998-01, "Smurf IP Denial-of-Service Attacks", http://www.cert.org/advisories/CA-1998-01.html
	4	Vern Paxson, An analysis of using reflectors for distributed denial-of-service attacks, ACM SIGCOMM Computer Communication Review, v.31 n.3, July 2001 [doi>10.1145/505659.505664]
	5	Tao Peng , Christopher Leckie , Kotagiri Ramamohanarao, Survey of network-based defense mechanisms countering the DoS and DDoS problems, ACM Computing Surveys (CSUR), v.39 n.1, p.3-es, 2007 [doi>10.1145/1216370.1216373]
	6	P. Ferguson , D. Senie, Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, RFC Editor, 1998
	7	Cisco Webpages, "Unicast reverse path forwarding", http://www.cisco.com/univercd/cc/td/doc/product/software/ios111/cc111/uni_rpf.pdf.
	8	Haining Wang , Cheng Jin , Kang G. Shin, Defense against spoofed IP traffic using hop-count filtering, IEEE/ACM Transactions on Networking (TON), v.15 n.1, p.40-53, February 2007 [doi>10.1109/TNET.2006.890133]
	9	Robert Stone, Centertrack: an IP overlay network for tracking DoS floods, Proceedings of the 9th conference on USENIX Security Symposium, p.15-15, August 14-17, 2000, Denver, Colorado
	10	Alex C. Snoeren , Craig Partridge , Luis A. Sanchez , Christine E. Jones , Fabrice Tchakountio , Beverly Schwartz , Stephen T. Kent , W. Timothy Strayer, Single-packet IP traceback, IEEE/ACM Transactions on Networking (TON), v.10 n.6, p.721-734, December 2002 [doi>10.1109/TNET.2002.804827]
	11	Stefan Savage , David Wetherall , Anna Karlin , Tom Anderson, Network support for IP traceback, IEEE/ACM Transactions on Networking (TON), v.9 n.3, p.226-237, June 2001 [doi>10.1109/90.929847]
	12	Udaya Kiran Tupakula , Vijay Varadharajan, A practical method to counteract denial of service attacks, Proceedings of the 26th Australasian computer science conference, p.275-284, February 01, 2003, Adelaide, Australia
	13	Udaya Kiran Tupakula, Vijay Varadharajan, and Ashok Kumar Gajam, "Counteracting TCP SYN DDoS Attacks using Automated Model", IEEE Globecom 2004, Texas, USA. Nov. 2004
	14	Ratul Mahajan , Steven M. Bellovin , Sally Floyd , John Ioannidis , Vern Paxson , Scott Shenker, Controlling high bandwidth aggregates in the network, ACM SIGCOMM Computer Communication Review, v.32 n.3, p.62-73, July 2002 [doi>10.1145/571697.571724]
	15	Yoohwan Kim , Wing Cheong Lau , Mooi Choo Chuah , H. Jonathan Chao, PacketScore: A Statistics-Based Packet Filtering Scheme against Distributed Denial-of-Service Attacks, IEEE Transactions on Dependable and Secure Computing, v.3 n.2, p.141-155, April 2006 [doi>10.1109/TDSC.2006.25]
	16	Steve Gibson, "Distributed Reflection Denial of Service", http://www.grc.com
	17	Ken Silva, Frank Scalzo and Piet Barber, "Anatomy of Recent DNS Reflector Attacks from the Victim and Reflector Point of View", April 2006. http://www.verisign.com/static/037903.pdf
	18	Check Point Software Technologies Ltd., "SynDefender", http://www.checkpoint.com/products/firewall-1
	19	The Open Source Network Intrusion Detection System: Snort. http://www.snort.org/docs/iss-placement.pdf.
	20	J. Postel, "Internet Protocol", RFC 791, Sept. 1981.
	21	HP, "HP OpenView Network Node Manager: Managing your Network with HP OpenView Network Node Manager", http://ovweb.external.hp.com/ovnsmdps/pdf/t2490-90004.pdf.