ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A taxonomy of DDoS attack and DDoS defense mechanisms
Full text PdfPdf (209 KB)
Source ACM SIGCOMM Computer Communication Review archive
Volume 34 ,  Issue 2  (April 2004) table of contents
FEATURE: Full papers table of contents
Pages: 39 - 53  
Year of Publication: 2004
ISSN:0146-4833
Authors
Jelena Mirkovic  University of Delaware, Newark, DE
Peter Reiher  UCLA, Los Angeles, CA
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 116,   Downloads (12 Months): 755,   Citation Count: 56
Additional Information:

abstract   references   cited by   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/997150.997156
What is a DOI?

ABSTRACT

Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria was selected to highlight commonalities and important features of attack strategies, that define challenges and dictate the design of countermeasures. The defense taxonomy classifies the body of existing DDoS defenses based on their design decisions; it then shows how these decisions dictate the advantages and deficiencies of proposed solutions.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
D. G. Andersen. Mayday: Distributed filtering for internet services. In Proceedings of 4th Usenix Symposium on Internet Technologies and Systems, March 2003.
2
David Andersen , Hari Balakrishnan , Frans Kaashoek , Robert Morris, Resilient overlay networks, Proceedings of the eighteenth ACM symposium on Operating systems principles, October 21-24, 2001, Banff, Alberta, Canada
 
3
T. Anderson, T. Roscoe, and D. Wetherall. Preventing internet denial-of-service with capabilities. In In Proceedings of HotNets II, November 2003.
 
4
Arbor Networks. The Peakflow Platform. http://www.arbornetworks.com.
 
5
T. Aura, P. Nikander, and J. Leiwo. DOS-Resistant Authentication with Client Puzzles. Lecture Notes in Computer Science, 2133, 2001.
 
6
S. Axelsson. Intrusion detection systems: A survey and taxonomy. Technical Report 99-15, Department of Computer Engineering, Chalmers University, March 2000.
7
Paul Barford , Jeffery Kline , David Plonka , Amos Ron, A signal analysis of network traffic anomalies, Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, November 06-08, 2002, Marseille, France  [doi>10.1145/637201.637210]
 
8
BBN Technologies. Applications that participate in their own defense. http://www.bbn.com/infosec/apod.html.
 
9
BBN Technologies. Intrusion tolerance by unpredictability and adaptation. http://www.bbn.com/infosec/itua.html.
 
10
S. Bellovin, M. Leech, and T. Taylor. ICMP Traceback Messages. Internet draft, work in progress, October 2001.
 
11
D. J. Bernstein. Syn cookies. http://cr.yp.to/syncookies.html.
 
12
CERT CC. CA-2001-19 "Code Red" Worm Exploiting Buffer Overflow In IIS Indexing Service DLL. http://www.cert.org/advisories/CA-2001-19.html.
 
13
CERT CC. Code Red II. http://www.cert.org/incident_notes/IN-2001-09.html.
 
14
CERT CC. Denial of Service Attacks. http://www.cert.org/tech_tips/denial_of_service.html.
 
15
CERT CC. DoS using nameservers. http://www.cert.org/incident_notes/IN-2000-04.html.
 
16
CERT CC. erkms and li0n worms. http://www.cert.org/incident_notes/IN-2001-03.html.
 
17
CERT CC. Nimda worm. http://www.cert.org/advisories/CA-2001-26.html.
 
18
CERT CC. Ramen worm. http://www.cert.org/incident_notes/IN-2001-01.html.
 
19
CERT CC. Smurf attack. http://www.cert.org/advisories/CA-1998-01.html.
 
20
CERT CC. TCP SYN flooding and IP spoofing attacks. http://www.cert.org/advisories/CA-1996-21.html.
 
21
CERT CC. Trends in Denial of Service Attack Technology, October 2001. http://www.cert.org/archive/pdf/DoS_trends.pdf.
 
22
Cisco. Strategies to protect against Distributed Denial of Service Attacks. http://www.cisco.com/warp/public/707/newsflash.html.
 
23
Cs3. Inc. MANAnet DDoS White Papers. http://www.cs3-inc.com/mananet.html.
 
24
T. Darmohray and R. Oliver. Hot spares for DDoS attacks. http://www.usenix.org/publications/login/2000-7/apropos.html.
 
25
D. Dean, M. Franklin, and A. Stubblefield. An algebraic approach to IP Traceback. In Proceedings of the 2001 Network and Distributed System Security Symposium, February 2001.
 
26
Hervé Debar , Marc Dacier , Andreas Wespi, Towards a taxonomy of intrusion-detection systems, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.31 n.9, p.805-822, April 23, 1999
 
27
D. Dittrich. The DoS Project's trinoo distributed denial of service attack tool. http://staff.washington.edu/dittrich/misc/trinoo.analysis.
 
28
D. Dittrich. The Tribe Flood Network distributed denial of service attack tool. http://staff.washington.edu/dittrich/misc/tfn.analysis.txt.
 
29
D. Dittrich, G. Weaver, S. Dietrich, and N. Long. The mstream distributed denial of service attack tool. http://staff.washington.edu/dittrich/misc/ mstream.analysis.txt.
 
30
P. Ferguson and D. Senie. Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing. RFC 2827, May 2000.
 
31
A. Garg and A. L. N. Reddy. Mitigation of DoS attacks through QoS Regulation. In Proceedings of IWQOS workshop, May 2002.
 
32
T. M. Gil and M. Poletto. MULTOPS: a data-structure for bandwidth attack detection. In Proceedings of 10th Usenix Security Symposium, August 2001.
 
33
Katie Hafner , John Markoff, Cyberpunk: outlaws and hackers on the computer frontier, Simon & Schuster, Inc., New York, NY, 1991
 
34
G. Hardin. The Tragedy of the Commons. Science, 162(1968):1243--1248, 1968.
 
35
John Douglas Howard, An analysis of security incidents on the Internet 1989-1995, Carnegie Mellon University, Pittsburgh, PA, 1998
 
36
J. D. Howard and T. A. Longstaff. A common language for computer security incidents.
37
Alefiya Hussain , John Heidemann , Christos Papadopoulos, A framework for classifying denial of service attacks, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, August 25-29, 2003, Karlsruhe, Germany  [doi>10.1145/863955.863968]
 
38
Information Sciences Institute. Dynabone. http://www.isi.edu/dynabone/.
 
39
J. Ioannidis and S. M. Bellovin. Pushback: Router-Based Defense Against DDoS Attacks. In Proceedings of NDSS, February 2002.
 
40
A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Proceedings of the 1999 Networks and distributed system security symposium, March 1999.
41
Frank Kargl , Joern Maier , Michael Weber, Protecting web servers from distributed denial of service attacks, Proceedings of the 10th international conference on World Wide Web, p.514-524, May 01-05, 2001, Hong Kong, Hong Kong  [doi>10.1145/371920.372148]
42
Angelos D. Keromytis , Vishal Misra , Dan Rubenstein, SOS: secure overlay services, Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications, August 19-23, 2002, Pittsburgh, Pennsylvania, USA
 
43
F. Lau, S. H. Rubin, M. H. Smith, and L. Trajkovic. Distributed Denial of Service Attacks. In IEEE International Conference on Systems, Man, and Cybernetics, pages 2275--2280, Nashville, TN, USA, October 2000.
 
44
Jussipekka Leiwo , Tuomas Aura , Pekka Nikander, Towards Network Denial of Service Resistant Protocols, Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures, p.301-310, August 22-24, 2000
 
45
J. Li, J. Mirkovic, M. Wang, P. Reiher, and L. Zhang. SAVE: Source Address Validity Enforcement Protocol. In Proceedings of INFOCOM 2002, June 2002. to appear.
46
Ratul Mahajan , Steven M. Bellovin , Sally Floyd , John Ioannidis , Vern Paxson , Scott Shenker, Controlling high bandwidth aggregates in the network, ACM SIGCOMM Computer Communication Review, v.32 n.3, p.62-73, July 2002  [doi>10.1145/571697.571724]
 
47
G. R. Malan, D. Watson, F. Jahanian, and P. Howell. Transport and Application Protocol Scrubbing. In Proceedings of INFOCOM 2000, pages 1381--1390, 2000.
 
48
Mazu Networks. Mazu Technical White Papers. http://www.mazunetworks.com/white_papers/.
 
49
McAfee. Personal Firewall. http://www.mcafee.com/myapps/firewall/ov_firewall.asp
 
50
Catherine Meadows, A Formal Framework and Evaluation Method for Network Denial of Service, Proceedings of the 1999 IEEE Computer Security Foundations Workshop, p.4, June 28-30, 1999
 
51
Jelena Mirkovic , Mario Gerla , Peter Reiher, D-ward: source-end defense against distributed denial-of-service attacks, 2003
 
52
Jelena Mirkovic , Gregory Prier , Peter L. Reiher, Attacking DDoS at the Source, Proceedings of the 10th IEEE International Conference on Network Protocols, p.312-321, November 12-15, 2002
 
53
D. Moore. The spread of the code red worm (crv2). http://www.caida.org/analysis/security/codered/coderedv2_analysis.xml.
 
54
D. Moore, G. Voelker, and S. Savage. Inferring Internet Denial-of-Service Activity. In Proceedings of the 2001 USENIX Security Symposium, 2001.
 
55
R. Naraine. Massive DDoS Attack Hit DNS Root Servers, October 2002. http://www.esecurityplanet.com/trends/article/0,10751_1486981,00.html.
 
56
National Infrastructure Protection Center. Advisory 01-014: New Scanning Activity (with W32-Leave.worm) Exploiting SubSeven Victims, June 2001. http://www.nipc.gov/warnings/advisories/2001/01-014.htm.
 
57
E. O'Brien. NetBouncer : A practical client legitimacy-based DDoS defense via ingress filtering. http://www.nai.com/research/nailabs/development-solutions/netbouncer.asp.
58
Kihong Park , Heejo Lee, On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.15-26, August 2001, San Diego, California, United States
59
Vern Paxson, An analysis of using reflectors for distributed denial-of-service attacks, ACM SIGCOMM Computer Communication Review, v.31 n.3, July 2001  [doi>10.1145/505659.505664]
 
60
V. Razmov. Denial of Service Attacks and How to Defend Against Them. http://www.cs.washington.edu/homes/valentin/ papers/DoSAttacks.pdf.
 
61
SANS Institute. NAPTHA: A new type of Denial of Service Attack, December 2000. http://rr.sans.org/threats/naptha2.php.
62
Stefan Savage , David Wetherall , Anna Karlin , Tom Anderson, Practical network support for IP traceback, Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, p.295-306, August 28-September 01, 2000, Stockholm, Sweden
 
63
Christoph L. Schuba , Ivan V. Krsul , Markus G. Kuhn , Eugene H. spafford , Aurobindo Sundaram , Diego Zamboni, Analysis of a Denial of Service Attack on TCP, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.208, May 04-07, 1997
 
64
S. Dietrich, N. Long, and D. Dittrich. An Analysis of the "shaft" distributed denial of service tool. In Proceedings of LISA 2000, 2000. http://www.adelphi.edu/ spock/shaft-lisa2000.pdf.
65
Alex C. Snoeren, Hash-based IP traceback, Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications, p.3-14, August 2001, San Diego, California, United States
 
66
D. X. Song and A. Perrig. Advanced and authenticated marking schemes for IP Traceback. In Proceedings of IEEE Infocom 2001, 2001.
 
67
Sourcefire. Snort: The Open Source Network Intrusion Detection System.
 
68
Oliver Spatscheck , Larry L. Peterson, Defending against denial of service attacks in Scout, Proceedings of the third symposium on Operating systems design and implementation, p.59-72, February 1999, New Orleans, Louisiana, United States
 
69
Stuart Staniford , James A. Hoagland , Joseph M. McAlerney, Practical automated detection of stealthy portscans, Journal of Computer Security, v.10 n.1-2, p.105-136, 2002
 
70
Stuart Staniford , Vern Paxson , Nicholas Weaver, How to Own the Internet in Your Spare Time, Proceedings of the 11th USENIX Security Symposium, p.149-167, August 05-09, 2002
 
71
Tripwire. Tripwire for servers. http://www.tripwire.com/products/servers/.
 
72
N. Weaver. Warhol Worm. http://www.cs.berkeley.edu/nweaver/worms.pdf.
 
73
Matthew M. Williamson, Throttling Viruses: Restricting propagation to defeat malicious mobile code, Proceedings of the 18th Annual Computer Security Applications Conference, p.61, December 09-13, 2002
 
74
J. Yan, S. Early, and R. Anderson. The XenoService - A Distributed Defeat for Distributed Denial of Service. In Proceedings of ISW 2000, Oct. 2000.
75
Vinod Yegneswaran , Paul Barford , Johannes Ullrich, Internet intrusions: global characteristics and prevalence, Proceedings of the 2003 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, June 11-14, 2003, San Diego, CA, USA
 
76
Jussipekka Leiwo , Yuliang Zheng, A Method to Implement a Denial of Service Protection Base, Proceedings of the Second Australasian Conference on Information Security and Privacy, p.90-101, July 07-09, 1997

CITED BY  57
Marek Hejmo , Brian L. Mark , Charikleia Zouridaki , Roshan K. Thomas, Denial-of-service resistant quality-of-service signaling for mobile ad hoc networks, Proceedings of the 2nd ACM workshop on Security of ad hoc and sensor networks, October 25-25, 2004, Washington DC, USA
Patrick Traynor , William Enck , Patrick McDaniel , Thomas La Porta, Mitigating attacks on open functionality in SMS-capable cellular networks, Proceedings of the 12th annual international conference on Mobile computing and networking, September 23-29, 2006, Los Angeles, CA, USA
Anukool Lakhina , Mark Crovella , Christiphe Diot, Characterization of network-wide anomalies in traffic flows, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy
Ying Xu , Roch Guérin, On the robustness of router-based denial-of-service (DoS) defense systems, ACM SIGCOMM Computer Communication Review, v.35 n.3, July 2005
Joel Sommers , Vinod Yegneswaran , Paul Barford, A framework for malicious workload generation, Proceedings of the 4th ACM SIGCOMM conference on Internet measurement, October 25-27, 2004, Taormina, Sicily, Italy
Jarmo Mölsä, Mitigating denial of service attacks: a tutorial, Journal of Computer Security, v.13 n.6, p.807-837, December 2005
William Enck , Patrick Traynor , Patrick McDaniel , Thomas La Porta, Exploiting open functionality in SMS-capable cellular networks, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
Patrick Traynor , Patrick McDaniel , Thomas La Porta, On attack causality in internet-connected cellular networks, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, p.1-16, August 06-10, 2007, Boston, MA
Kejie Lu , Dapeng Wu , Jieyan Fan , Sinisa Todorovic , Antonio Nucci, Robust and efficient detection of DDoS attacks for large-scale internet, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.18, p.5036-5056, December, 2007
Chun-Hsin Wang , Chang-Wu Yu , Chiu-Kuo Liang , Kun-Min Yu , Wen Ouyang , Ching-Hsien Hsu , Yu-Guang Chen, Tracers placement for IP traceback against DDoS attacks, Proceeding of the 2006 international conference on Communications and mobile computing, July 03-06, 2006, Vancouver, British Columbia, Canada
Yogesh Prem Swami , Hannes Tschofenig, Protecting mobile devices from TCP flooding attacks, Proceedings of first ACM/IEEE international workshop on Mobility in the evolving internet architecture, December 01-01, 2006, San Francisco, California
Christos Siaterlis , Vasilis Maglaris, One step ahead to multisensor data fusion for DDoS detection, Journal of Computer Security, v.13 n.5, p.779-806, October 2005
Sherif Khattab , Rami Melhem , Daniel Mossé , Taieb Znati, Honeypot back-propagation for mitigating spoofing distributed Denial-of-Service attacks, Journal of Parallel and Distributed Computing, v.66 n.9, p.1152-1164, September 2006
Zhiqiang Gao , Nirwan Ansari, A practical and robust inter-domain marking scheme for IP traceback, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.3, p.732-750, February, 2007
Cliff C. Zou , Nick Duffield , Don Towsley , Weibo Gong, Adaptive defense against various network attacks, Proceedings of the Steps to Reducing Unwanted Traffic on the Internet on Steps to Reducing Unwanted Traffic on the Internet Workshop, p.10-10, July 07, 2005, Cambridge, MA
Gabriel Maciá-Fernández , Jesús E. Díaz-Verdejo , Pedro García-Teodoro, Evaluation of a low-rate DoS attack against iterative servers, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.4, p.1013-1030, March, 2007
Jeffrey J. Farris , David M. Nicol, Evaluation of secure peer-to-peer overlay routing for survivable SCADA systems, Proceedings of the 36th conference on Winter simulation, December 05-08, 2004, Washington, D.C.
Zhichun Li , Yan Chen , Aaron Beach, Towards scalable and robust distributed intrusion alert fusion with good load balancing, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense, p.115-122, September 11-15, 2006, Pisa, Italy
Michael Walfish , Mythili Vutukuru , Hari Balakrishnan , David Karger , Scott Shenker, DDoS defense by offense, ACM SIGCOMM Computer Communication Review, v.36 n.4, October 2006
Falko Dressler, Bio-inspired promoters and inhibitors for self-organized network security facilities, Proceedings of the 1st international conference on Bio inspired models of network, information and computing systems, December 11-13, 2006, Cavalese, Italy
Qijun Gu , Peng Liu , Chao-Hsien Chu, Analysis of area-congestion-based DDoS attacks in ad hoc networks, Ad Hoc Networks, v.5 n.5, p.613-625, July, 2007
Alex Wun , Alex Cheung , Hans-Arno Jacobsen, A taxonomy for denial of service attacks in content-based publish/subscribe systems, Proceedings of the 2007 inaugural international conference on Distributed event-based systems, June 20-22, 2007, Toronto, Ontario, Canada
Guillaume Dewaele , Kensuke Fukuda , Pierre Borgnat , Patrice Abry , Kenjiro Cho, Extracting hidden anomalies using sketch and non Gaussian multiresolution statistical detection procedures, Proceedings of the 2007 workshop on Large scale attack defense, August 27-27, 2007, Kyoto, Japan
Jan Goebel , Thorsten Holz, Rishi: identify bot contaminated hosts by IRC nickname evaluation, Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, p.8-8, April 10, 2007, Cambridge, MA
Andrea Bottoni , Gianluca Dini , Tage Stabell-Kulø, A methodology for verification of digital items in fair exchange protocols with active trustee, Electronic Commerce Research, v.7 n.2, p.143-164, June 2007
Taieb Znati , James Amadei , Daniel R. Pazehoski , Scott Sweeny, Design and Analysis of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID Environments, Proceedings of the 39th annual Symposium on Simulation, p.2-9, April 02-06, 2006
Masao Tanabe , Masaki Aida, Secure communication method in mobile wireless networks, Proceedings of the 1st international conference on MOBILe Wireless MiddleWARE, Operating Systems, and Applications, February 13-15, 2008, Innsbruck, Austria
Amey Shevtekar , Nirwan Ansari, A router-based technique to mitigate reduction of quality (RoQ) attacks, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.52 n.5, p.957-970, April, 2008
Xun Wang , Sriram Chellappan , Phillip Boyer , Dong Xuan, On the Effectiveness of Secure Overlay Forwarding Systems under Intelligent Distributed DoS Attacks, IEEE Transactions on Parallel and Distributed Systems, v.17 n.7, p.619-632, July 2006
Glenn Carl , George Kesidis , Richard R. Brooks , Suresh Rai, Denial-of-Service Attack-Detection Techniques, IEEE Internet Computing, v.10 n.1, p.82-89, January 2006
Bai Li , Lynn Batten, Using mobile agents to recover from node and database compromise in path-based DoS attacks in wireless sensor networks, Journal of Network and Computer Applications, v.32 n.2, p.377-387, March, 2009
Roman Chertov , Sonia Fahmy , Ness B. Shroff, Fidelity of network simulation and emulation: A case study of TCP-targeted denial of service attacks, ACM Transactions on Modeling and Computer Simulation (TOMACS), v.19 n.1, p.1-29, December 2008
Patrick Traynor , William Enck , Patrick Mcdaniel , Thomas La Porta, Exploiting open functionality in SMS-capable cellular networks, Journal of Computer Security, v.16 n.6, p.713-742, December 2008
Taieb Znati , James Amadei , Daniel R. Pazehoski , Scott Sweeny, On the Design and Performance of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID and Collaborative Workflow Environments, Simulation, v.83 n.3, p.291-303, March 2007
Soon Hin Khor , Nicolas Christin , Tina Wong , Akihiro Nakao, Power to the people: securing the internet one edge at a time, Proceedings of the 2007 workshop on Large scale attack defense, August 27-27, 2007, Kyoto, Japan
Daniel Boteanu , Edouard Reich , Jose M. Fernandez , John McHugh, Implementing and testing dynamic timeout adjustment as a dos counter-measure, Proceedings of the 2007 ACM workshop on Quality of protection, October 29-29, 2007, Alexandria, Virginia, USA
André O. Castelucio , Ronaldo M. Salles , Artur Ziviani, Evaluating the partial deployment of an AS-level IP traceback system, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
Lawan A. Mohammed , Biju Issac, Detailed DoS attacks in wireless networks and countermeasures, International Journal of Ad Hoc and Ubiquitous Computing, v.2 n.3, p.157-166, February 2007
Ivan Martinovic , Frank A. Zdarsky , Matthias Wilhelm , Christian Wegmann , Jens B. Schmitt, Wireless client puzzles in IEEE 802.11 networks: security by wireless, Proceedings of the first ACM conference on Wireless network security, March 31-April 02, 2008, Alexandria, VA, USA
Richard J Barnett , Barry Irwin, Towards a taxonomy of network scanning techniques, Proceedings of the 2008 annual research conference of the South African Institute of Computer Scientists and Information Technologists on IT research in developing countries: riding the wave of technology, p.1-7, October 06-08, 2008, Wilderness, South Africa
Chwan-Hwa John Wu , Chun-Ching Andy Huang , J. David Irwin, Using Identity-Based Privacy-Protected Access Control Filter (IPACF) to against denial of service attacks and protect user privacy, Proceedings of the 2007 spring simulation multiconference, p.362-369, March 25-29, 2007, Norfolk, Virginia
Ruiliang Chen , Jung-Min Park , Randolph Marchany, A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks, IEEE Transactions on Parallel and Distributed Systems, v.18 n.5, p.577-588, May 2007
Anh Le , Raouf Boutaba , Ehab Al-Shaer, Correlation-based load balancing for network intrusion detection and prevention systems, Proceedings of the 4th international conference on Security and privacy in communication netowrks, September 22-25, 2008, Istanbul, Turkey
Chris Bronk, Hacking the Nation-State: Security, Information Technology and Policies of Assurance, Information Security Journal: A Global Perspective, v.17 n.3, p.132-142, May 2008
Patrick Traynor , William Enck , Patrick McDaniel , Thomas La Porta, Mitigating attacks on open functionality in SMS-capable cellular networks, IEEE/ACM Transactions on Networking (TON), v.17 n.1, p.40-53, February 2009
Arjan Durresi , Vamsi Paruchuri , Leonard Barolli, Fast autonomous system traceback, Journal of Network and Computer Applications, v.32 n.2, p.448-454, March, 2009
B. B. Gupta , R. C. Joshi , Manoj Misra, An efficient analytical solution to thwart DDoS attacks in public domain, Proceedings of the International Conference on Advances in Computing, Communication and Control, January 23-24, 2009, Mumbai, India
Andrew G. Miklas , Stefan Saroiu , Alec Wolman , Angela Demke Brown, Bunker: a privacy-oriented platform for network tracing, Proceedings of the 6th USENIX symposium on Networked systems design and implementation, p.29-42, April 22-24, 2009, Boston, Massachusetts
Ioannis Ch. Paschalidis , Georgios Smaragdakis, Spatio-temporal network anomaly detection by assessing deviations of empirical measures, IEEE/ACM Transactions on Networking (TON), v.17 n.3, p.685-697, June 2009
Tao Peng , Christopher Leckie , Kotagiri Ramamohanarao, Survey of network-based defense mechanisms countering the DoS and DDoS problems, ACM Computing Surveys (CSUR), v.39 n.1, p.3-es, 2007
Sven Ehlert , Yacine Rebahi , Thomas Magedanz, Intrusion Detection System for Denial-of-Service flooding attacks in SIP communication networks, International Journal of Security and Networks, v.4 n.3, p.189-200, July 2009
Vicky Laurens , Alexandre Miege , Abdulmotaleb El Saddik , Pulak Dhar, DDoSniffer: Detecting DDoS attack at the source agents, International Journal of Advanced Media and Communication, v.3 n.3, p.290-311, July 2009
Guoxing Zhang , Shengming Jiang , Gang Wei , Quansheng Guan, A prediction-based detection algorithm against distributed denial-of-service attacks, Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly, June 21-24, 2009, Leipzig, Germany
Matthias Baumgart , Christian Scheideler , Stefan Schmid, A DoS-resilient information system for dynamic data management, Proceedings of the twenty-first annual symposium on Parallelism in algorithms and architectures, August 11-13, 2009, Calgary, AB, Canada
Gabriel Maciá-Fernández , Jesús E. Díaz-Verdejo , Pedro García-Teodoro, Mathematical model for low-rate DoS attacks against application servers, IEEE Transactions on Information Forensics and Security, v.4 n.3, p.519-529, September 2009
Anjali Sardana , Ramesh Joshi, An auto-responsive honeypot architecture for dynamic resource allocation and QoS adaptation in DDoS attacked networks, Computer Communications, v.32 n.12, p.1384-1399, July, 2009
Chwan-Hwa 'John' Wu , Tong Liu , Chun-Ching 'Andy' Huang , J. David Irwin, Modelling and simulations for Identity-Based Privacy-Protected Access Control Filter (IPACF) capability to resist massive denial of service attacks, International Journal of Information and Computer Security, v.3 n.2, p.195-223, October 2009
Collaborative Colleagues:
Jelena Mirkovic: colleagues
Peter Reiher: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player