ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Practical network support for IP traceback
Full text PdfPdf (167 KB)
Source Applications, Technologies, Architectures, and Protocols for Computer Communication archive
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication table of contents
Stockholm, Sweden
Pages: 295 - 306  
Year of Publication: 2000
ISBN:1-58113-223-9
Also published in ...
Authors
Stefan Savage  Department of Computer Science and Engineering, University of Washington, Seattle, WA
David Wetherall  Department of Computer Science and Engineering, University of Washington, Seattle, WA
Anna Karlin  Department of Computer Science and Engineering, University of Washington, Seattle, WA
Tom Anderson  Department of Computer Science and Engineering, University of Washington, Seattle, WA
Sponsor
SIGCOMM: ACM Special Interest Group on Data Communication
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 23,   Downloads (12 Months): 236,   Citation Count: 121
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues   peer to peer  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/347059.347560
What is a DOI?

ABSTRACT

This paper describes a technique for tracing anonymous packet flooding attacks in the Internet back towards their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or ``spoofed'', source addresses. In this paper we describe a general purpose traceback mechanism based on probabilistic packet marking in the network. Our approach allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed ``post-mortem'' -- after an attack has completed. We present an implementation of this technology that is incrementally deployable, (mostly) backwards compatible and can be efficiently implemented using conventional technology.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
F. Baker. Requirements for IP Version 4 Routers. RFC 1812, June 1995.
 
2
Gaurav Banga , Peter Druschel , Jeffrey C. Mogul, Resource containers: a new facility for resource management in server systems, Proceedings of the third symposium on Operating systems design and implementation, p.45-58, February 1999, New Orleans, Louisiana, United States
3
S. M. Bellovin, Security problems in the TCP/IP protocol suite, ACM SIGCOMM Computer Communication Review, v.19 n.2, p.32-48, April 1, 1989  [doi>10.1145/378444.378449]
 
4
S. M. Bellovin. ICMP Traceback Messages. Internet Draft: draft-bellovin-itrace-00.txt, Mar. 2000.
 
5
R. Braden. Requirements for Internet Hosts - Communication Layers. RFC 1122, Oct. 1989.
 
6
H. Burch and B. Cheswick. Tracing Anonymous Packets to Their Approximate Source. Unpublished paper, Dec. 1999.
 
7
Robert L. Carter , Mark E. Crovella, Server Selection Using Dynamic Path Characterization in Wide-Area Networks, Proceedings of the INFOCOM '97. Sixteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Driving the Information Revolution, p.1014, April 09-11, 1997
 
8
B. Cheswick and H. Burch. Internet Mapping Project. http://cm.bell-labs.com/who/ches/map/ index.html, 2000.
 
9
Cisco Systems. Configuring TCP Intercept (Prevent Denial-of-Service Attacks). Cisco IOS Documentation, Dec. 1997.
 
10
K. Claffy and S. McCreary. Sampled Measurements from June 1999 to December 1999 at the AMES Inter-exchange Point. Personal Communication, Jan. 2000.
 
11
Computer Emergency Response Team. CERT Advisory CA-96.26 Denial-of-Service Attack via pings. http://www.cert.org/advisories/CA-96.26. ping.html, Dec. 1996.
 
12
Computer Emergency Response Team. CERT Advisory CA-97.28 IP Denial-of-Service Attacks. http://www. cert.org/advisories/CA-97.28.smurf.html, Dec. 1997.
 
13
Computer Emergency Response Team. CERT Advisory CA-98.01 smurf IP Denial-of-Service Attacks. http://www.cert.org/advisories/CA-98.01. smurf.html, Jan. 1998.
 
14
Computer Emergency Response Team. CERT Advisory CA-2000-01 Denial-of-Service Developments. http:// www.cert.org/advisories/CA-2000-01.html, Jan. 2000.
 
15
Computer Emergency Response Team. CERT Incident Note IN-2000-04 Denial-of-Service Attacks using Nameservers. http://www.cert.org/incident_notes/ IN-200-04.html, Apr. 2000.
 
16
Computer Security Institute and Federal Bureau of Investigation. 1999 CSI/FBI Computer Crime and Security Survey. Computer Security Institute publication, Mar. 1999.
 
17
Cooperative Associationfor Internet Data Analysis. Skitter Analysis. http: //www.caida.org/Tools/Skitter/Summary/, 2000.
 
18
S. Deering. Internet protocol, version 6 (ipv6). RFC 2460, Dec. 1998.
 
19
W. Feller. An Introduction to Probability Theory and Its Applications (2nd edition), volume 1. Wiley and Sons, 1966.
 
20
P. Ferguson and D. Senie. Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing. RFC 2267, Jan. 1998.
 
21
J. Glave. Smurfing Cripples ISPs. Wired Technolgy News: (http://www.wired.com/news/news/ technology/story/9506.html), Jan. 1998.
 
22
I. Goldberg and A. Shostack. Freedom Network 1.0 Architecture and Protocols. Zero-Knowledge Systems White Paper, Nov. 1999.
 
23
R. Govindan and H. Tangmunarunkit. Heuristics for Internet Map Discovery. In Proceedings of the 2000 IEEE INFOCOM Conference, Tel Aviv, Israel, Mar. 2000.
 
24
L. T. Heberlein and M. Bishop. Attack Class: Address Spoofing. In 1996 National Information Systems Security Conference, pages 371-378, Baltimore, MD, Oct. 1996.
 
25
John Douglas Howard, An analysis of security incidents on the Internet 1989-1995, Carnegie Mellon University, Pittsburgh, PA, 1998
 
26
P. Karn and W. Simpson. Photuris: Session-Key Management Protocol. RFC 2522, Mar. 1999.
27
C. A. Kent , J. C. Mogul, Fragmentation considered harmful, Proceedings of the ACM workshop on Frontiers in computer communications technology, p.390-401, August 11-13, 1987, Stowe, Vermont, United States
 
28
S. Kent and R. Atkinson. Security architecture for the internet protocol. RFC 2401, Nov. 1998.
 
29
Catherine Meadows, A Formal Framework and Evaluation Method for Network Denial of Service, Proceedings of the 1999 IEEE Computer Security Foundations Workshop, p.4, June 28-30, 1999
 
30
J. Mogul and S. Deering. Path MTU Discovery. RFC 1191, Nov. 1990.
 
31
R. T. Morris. A Weakness in the 4.2BSD Unix TCP/IP Software. Technical Report Computer Science #117, AT&T Bell Labs, Feb. 1985.
 
32
Vern Paxson, End-to-end routing behavior in the Internet, IEEE/ACM Transactions on Networking (TON), v.5 n.5, p.601-615, Oct. 1997  [doi>10.1109/90.649563]
 
33
C. Perkins. IP Mobility Support. RFC 2002, Oct. 1996.
 
34
J. Postel. Internet Protocol. RFC 791, Sept. 1981.
 
35
M. G. Reed, P. F. Syverson, and D. M. Goldschlag. Anonymous Connections and Onion Routing. IEEE Journal on Selected Areas in Communications, 16(4):482-494, May 1998.
 
36
E. C. Rosen, Y. Rekhter, D. Tappan, D. Farinacci, G. Fedorkow, T. Li, and A. Conta. MPLS Label Stack Encoding. Internet Draft: draft-ietf-mpls-label-encaps-07.txt (expires March 2000), Sept. 1998.
 
37
G. Sager. Security Fun with OCxmon and cflowd. Presentation at the Internet 2 Working Group, Nov. 1998.
 
38
Oliver Spatscheck , Larry L. Peterson, Defending against denial of service attacks in Scout, Proceedings of the third symposium on Operating systems design and implementation, p.59-72, February 1999, New Orleans, Louisiana, United States
 
39
S. Staniford-Chen , L. T. Heberlein, Holding intruders accountable on the Internet, Proceedings of the 1995 IEEE Symposium on Security and Privacy, p.39, May 08-10, 1995
40
Ion Stoica , Hui Zhang, Providing guaranteed services without per flow management, Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication, p.81-94, August 30-September 03, 1999, Cambridge, Massachusetts, United States
 
41
R. Stone. CenterTrack: An IP Overlay Network for Tracking DoS Floods. In to appear in Proceedings of thje 2000 USENIX Security Symposium, Denver, CO, July 2000.
 
42
W. Theilmann and K. Rothermel. Dynamic Distance Maps of the Internet. In Proceedings of the 2000 IEEE INFOCOM Conference, Tel Aviv, Israel, Mar. 2000.
 
43
C. Villamizar. Personal Communication, Feb. 2000.
44
Marco de Vivo , Eddy Carrasco , Germinal Isern , Gabriela O. de Vivo, A review of port scanning techniques, ACM SIGCOMM Computer Communication Review, v.29 n.2, April 1999  [doi>10.1145/505733.505737]
 
45
Y. Zhang and V. Paxson. Stepping Stone Detection. In to appear in Proceedings of thje 2000 USENIX Security Symposium, Denver, CO, July 2000.

CITED BY  121
 
Miao Ma, Tabu marking scheme to speedup IP traceback, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.18, p.3536-3549, 21 December 2006
 
Qijun Gu , Peng Liu , Chao-Hsien Chu, Analysis of area-congestion-based DDoS attacks in ad hoc networks, Ad Hoc Networks, v.5 n.5, p.613-625, July, 2007
Xinyuan Wang, The loop fallacy and serialization in tracing intrusion connections through stepping stones, Proceedings of the 2004 ACM symposium on Applied computing, March 14-17, 2004, Nicosia, Cyprus
Sylvia Ratnasamy , Scott Shenker , Steven McCanne, Towards an evolvable internet architecture, ACM SIGCOMM Computer Communication Review, v.35 n.4, October 2005
 
Xin Jin , Yaoxue Zhang , Yi Pan , Yuezhi Zhou, ZSBT: a novel algorithm for tracing DoS attackers in MANETs, EURASIP Journal on Wireless Communications and Networking, v.2006 n.2, p.82-82, April 2006
 
Mehmet H. Gunes , Sevcan Bilir , Kamil Sarac , Turgay Korkmaz, A measurement study on overhead distribution of value-added internet services, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.14, p.4153-4173, October, 2007
 
Tatsuya Baba , Shigeyuki Matsuda, Tracing Network Attacks to Their Sources, IEEE Internet Computing, v.6 n.2, p.20-26, March 2002
 
Shigang Chen , Yibei Ling , Randy Chow , Ye Xia, AID: A global anti-DoS service, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.15, p.4252-4269, October, 2007
Vrizlynn L. L. Thing , Morris Sloman , Naranker Dulay, Non-intrusive IP traceback for DDoS attacks, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
 
O. Demir , M. R. Head , K. Ghose , G. Govindaraju, Protecting Grid Data Transfer Services with Active Network Interfaces, Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing, p.9-16, November 13-14, 2005
Tarik Taleb , Zubair Md. Fadlullah , Kazuo Hashimoto , Yoshiaki Nemoto , Nei Kato, Tracing back attacks against encrypted protocols, Proceedings of the 2007 international conference on Wireless communications and mobile computing, August 12-16, 2007, Honolulu, Hawaii, USA
 
Yacine Djemaiel , Slim Rekhis , Noureddine Boudriga, Adaptive and selective packet marking in communication networks, Proceedings of the 9th WSEAS International Conference on Communications, p.1-6, July 14-16, 2005, Athens, Greece
 
Xinyuan Wang, The loop fallacy and deterministic serialisation in tracing intrusion connections through stepping stones, International Journal of Security and Networks, v.1 n.3/4, p.184-197, December 2006
 
Seung Chul Han , Puneet Zaroo , David K. Y. Yau , Yu Dong , Prem Gopalan , John C. S. Lui, Quality of service provisioning for composable routing elements, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.13, p.2255-2270, 15 September 2006
 
Udaya Kiran Tupakula , Vijay Varadharajan, Analysis of traceback techniques, Proceedings of the 2006 Australasian workshops on Grid computing and e-research, p.115-124, January 16-19, 2006, Hobart, Tasmania, Australia
 
Udaya Kiran Tupakula , Vijay Varadharajan, Tracing DDoS Floods: An Automated Approach, Journal of Network and Systems Management, v.12 n.1, p.111-135, March 2004
 
Kejie Lu , Dapeng Wu , Jieyan Fan , Sinisa Todorovic , Antonio Nucci, Robust and efficient detection of DDoS attacks for large-scale internet, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.18, p.5036-5056, December, 2007
 
Craig A. Shue , Minaxi Gupta , Matthew P. Davy, Packet forwarding with source verification, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.52 n.8, p.1567-1582, June, 2008
 
Shigang Chen , Qingguo Song, Perimeter-Based Defense against High Bandwidth DDoS Attacks, IEEE Transactions on Parallel and Distributed Systems, v.16 n.6, p.526-537, June 2005
Venkata N. Padmanabhan , Daniel R. Simon, Secure traceroute to detect faulty or malicious routing, ACM SIGCOMM Computer Communication Review, v.33 n.1, p.77-82, January 2003
 
Jangwon Lee , Gustavo de Veciana, Scalable multicast based filtering and tracing framework for defeating distributed DoS attacks, International Journal of Network Management, v.15 n.1, p.43-60, January 2005
Xinyuan Wang , Douglas S. Reeves, Robust correlation of encrypted attack traffic through stepping stones by manipulation of interpacket delays, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
 
Nick Duffield , Matthias Grossglauser, Trajectory sampling with unreliable reporting, IEEE/ACM Transactions on Networking (TON), v.16 n.1, p.37-50, February 2008
 
Michael T. Goodrich, Probabilistic packet marking for large-scale IP traceback, IEEE/ACM Transactions on Networking (TON), v.16 n.1, p.15-24, February 2008
Thomas W. Doeppner , Philip N. Klein , Andrew Koyfman, Using router stamping to identify the source of IP packets, Proceedings of the 7th ACM conference on Computer and communications security, p.184-189, November 01-04, 2000, Athens, Greece
 
Vasilios A. Siris , Ilias Stavrakis, Provider-based deterministic packet marking against distributed DoS attacks, Journal of Network and Computer Applications, v.30 n.3, p.858-876, August, 2007
Liming Lu , Mun Choon Chan , Ee-Chien Chang, A general model of probabilistic packet marking for IP traceback, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
Yongjin Kim , Ahmed Helmy, Attacker traceback with cross-layer monitoring in wireless multi-hop networks, Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks, October 30-30, 2006, Alexandria, Virginia, USA
 
Udaya Kiran Tupakula , Vijay Varadharajan , Ashok Kumar Gajam , Sunil Kumar Vuppala , Pandalaneni Naga Srinivasa Rao, DDoS: design, implementation and analysis of automated model, International Journal of Wireless and Mobile Computing, v.2 n.1, p.72-85, May 2007
 
Terence K. T. Law , John C. S. Lui , David K. Y. Yau, You Can Run, But You Can't Hide: An Effective Statistical Methodology to Trace Back DDoS Attackers, IEEE Transactions on Parallel and Distributed Systems, v.16 n.9, p.799-813, September 2005
Micah Adler, Trade-offs in probabilistic packet marking for IP traceback, Journal of the ACM (JACM), v.52 n.2, p.217-244, March 2005
 
Udaya Kiran Tupakula , Vijay Varadharajan, A practical method to counteract denial of service attacks, Proceedings of the twenty-sixth Australasian conference on Computer science: research and practice in information technology, p.275-284, February 01, 2003, Adelaide, Australia
 
Mimoza Durresi , Leonard Barolli , Vamsi Paruchuri , Arjan Durresi, Scalable traceback against distributed denial of service, International Journal of Web and Grid Services, v.2 n.2, p.221-233, September 2006
 
Abbass Asosheh, Dr. , Naghmeh Ramezani, A comprehensive taxonomy of DDOS attacks and defense mechanism applying in a smart classification, WSEAS Transactions on Computers, v.7 n.4, p.281-290, April 2008
 
David K. Y. Yau , John C. S. Lui , Feng Liang , Yeung Yam, Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles, IEEE/ACM Transactions on Networking (TON), v.13 n.1, p.29-42, February 2005
Micah Adler, Tradeoffs in probabilistic packet marking for IP traceback, Proceedings of the thiry-fourth annual ACM symposium on Theory of computing, May 19-21, 2002, Montreal, Quebec, Canada
 
Ben C. B. Chan , John C. F. Lau , John C. S. Lui, OPERA: an open-source extensible router architecture for adding new network services and protocols, Journal of Systems and Software, v.78 n.1, p.24-36, October 2005
 
G. Koutepas , F. Stamatelopoulos , B. Maglaris, Distributed Management Architecture for Cooperative Detection and Reaction to DDoS Attacks, Journal of Network and Systems Management, v.12 n.1, p.73-94, March 2004
Micah Adler , Jeff Edmonds , Jivri Matousek, Towards asymptotic optimality in probabilistic packet marking, Proceedings of the thirty-seventh annual ACM symposium on Theory of computing, May 22-24, 2005, Baltimore, MD, USA
 
Taieb Znati , James Amadei , Daniel R. Pazehoski , Scott Sweeny, Design and Analysis of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID Environments, Proceedings of the 39th annual Symposium on Simulation, p.2-9, April 02-06, 2006
 
Marvin Oliver Schneider , Jacques Calmet, Generic denial of service prevention through a logical fibering algorithm, Proceedings of the 5th WSEAS International Conference on Information Security and Privacy, p.87-91, November 20-22, 2006, Venice, Italy
 
Yingfei Dong , Changho Choi , Zhi-Li Zhang, LIPS: a lightweight permit system for packet source origin accountability, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.18, p.3622-3641, 21 December 2006
 
Haibin Sun , John C. S. Lui , David K. Y. Yau, Distributed mechanism in detecting and defending against the low-rate TCP attack, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.13, p.2312-2330, 15 September 2006
Tom Anderson , Timothy Roscoe , David Wetherall, Preventing Internet denial-of-service with capabilities, ACM SIGCOMM Computer Communication Review, v.34 n.1, January 2004
Karthik Lakshminarayanan , Daniel Adkins , Adrian Perrig , Ion Stoica, Taming IP packet flooding attacks, ACM SIGCOMM Computer Communication Review, v.34 n.1, January 2004
Xiaowei Yang , David Wetherall, Source selectable path diversity via routing deflections, ACM SIGCOMM Computer Communication Review, v.36 n.4, October 2006
Kenneth L. Calvert , James Griffioen , Su Wen, Lightweight network support for scalable end-to-end services, ACM SIGCOMM Computer Communication Review, v.32 n.4, October 2002
 
Bin Xiao , Wei Chen , Yanxiang He, An autonomous defense against SYN flooding attacks: Detect and throttle attacks at the victim side independently, Journal of Parallel and Distributed Computing, v.68 n.4, p.456-470, April, 2008
Edmund L. Wong , Praveen Balasubramanian , Lorenzo Alvisi , Mohamed G. Gouda , Vitaly Shmatikov, Truth in advertising: lightweight verification of route integrity, Proceedings of the twenty-sixth annual ACM symposium on Principles of distributed computing, August 12-15, 2007, Portland, Oregon, USA
 
Jianping Pan , Lin Cai , Xuemin Sherman Shen, Vulnerabilities in distance-indexed IP traceback schemes, International Journal of Security and Networks, v.2 n.1/2, p.81-94, March 2007
 
David D. Clark , John Wroclawski , Karen R. Sollins , Robert Braden, Tussle in cyberspace: defining tomorrow's internet, IEEE/ACM Transactions on Networking (TON), v.13 n.3, p.462-475, June 2005
Michael T. Goodrich, Efficient packet marking for large-scale IP traceback, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA
 
Taieb Znati , James Amadei , Daniel R. Pazehoski , Scott Sweeny, On the Design and Performance of an Adaptive, Global Strategy for Detecting and Mitigating Distributed DoS Attacks in GRID and Collaborative Workflow Environments, Simulation, v.83 n.3, p.291-303, March 2007
Vinod Yegneswaran , Paul Barford , Johannes Ullrich, Internet intrusions: global characteristics and prevalence, ACM SIGMETRICS Performance Evaluation Review, v.31 n.1, June 2003
Katerina Argyraki , David R. Cheriton, Loose source routing as a mechanism for traffic policies, Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture, August 30-30, 2004, Portland, Oregon, USA
 
Matthias Bossardt , Thomas Dübendorfer , Bernhard Plattner, Enhanced Internet security by a distributed traffic control service based on traffic ownership, Journal of Network and Computer Applications, v.30 n.3, p.841-857, August, 2007
 
Marianne Shaw, Leveraging good intentions to reduce unwanted network traffic, Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet, p.9-9, July 07, 2006, San Jose, CA
Vinay Manivel , Mustaque Ahamad , H. Venkateswaran, Attack resistant cache replacement for survivable services, Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security, p.64-71, October 31-31, 2003, Fairfax, VA
Xiaowei Yang , David Wetherall , Thomas Anderson, A DoS-limiting network architecture, ACM SIGCOMM Computer Communication Review, v.35 n.4, October 2005
 
Kang-Won Lee , Suresh Chari , Anees Shaikh , Sambit Sahu , Pau-Chen Cheng, Improving the resilience of content distribution networks to large scale distributed denial of service attacks, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.10, p.2753-2770, July, 2007
 
Shigang Chen , Yong Tang , Wenliang Du, Stateful DDoS attacks and targeted filtering, Journal of Network and Computer Applications, v.30 n.3, p.823-840, August, 2007
Pai-Hsiang Hsiao , H. T. Kung , Koan-Sin Tan, Video over TCP with receiver-based delay control, Proceedings of the 11th international workshop on Network and operating systems support for digital audio and video, p.199-208, January 2001, Port Jefferson, New York, United States
Alex C. Snoeren, Hash-based IP traceback, ACM SIGCOMM Computer Communication Review, v.31 n.4, p.3-14, October 2001
Neil Spring , Ratul Mahajan , David Wetherall, Measuring ISP topologies with rocketfuel, ACM SIGCOMM Computer Communication Review, v.32 n.4, October 2002
Denh Sy , Lichun Bao, CAPTRA: coordinated packet traceback, Proceedings of the fifth international conference on Information processing in sensor networks, April 19-21, 2006, Nashville, Tennessee, USA
 
T. S. Eugene Ng , Ion Stoica , Hui Zhang, A Waypoint Service Approach to Connect Heterogeneous Internet Address Spaces, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.319-332, June 25-30, 2001
Kihong Park , Heejo Lee, On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets, ACM SIGCOMM Computer Communication Review, v.31 n.4, p.15-26, October 2001
 
David Moore , Geoffrey M. Voelker , Stefan Savage, Inferring internet denial-of-service activity, Proceedings of the 10th conference on USENIX Security Symposium, p.2-2, August 13-17, 2001, Washington, D.C.
 
Neil Spring , Ratul Mahajan , David Wetherall , Thomas Anderson, Measuring ISP topologies with rocketfuel, IEEE/ACM Transactions on Networking (TON), v.12 n.1, p.2-16, February 2004
Ying Xu , Roch Guérin, On the robustness of router-based denial-of-service (DoS) defense systems, ACM SIGCOMM Computer Communication Review, v.35 n.3, July 2005
Jelena Mirkovic , Max Robinson , Peter Reiher, Alliance formation for DDoS defense, Proceedings of the 2003 workshop on New security paradigms, August 18-21, 2003, Ascona, Switzerland
 
David Moore , Geoffrey M. Voelker , Stefan Savage, Inferring internet denial-of-service activity, Proceedings of the 10th conference on USENIX Security Symposium, p.2-2, August 13-17, 2001, Washington, D.C.
Heejo Lee , Minjin Kwon , Geoffrey Hasker , Adrian Perrig, BASE: an incrementally deployable mechanism for viable IP spoofing prevention, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
 
Thomer M. Gil , Massimiliano Poletto, MULTOPS: a data-structure for bandwidth attack detection, Proceedings of the 10th conference on USENIX Security Symposium, p.3-3, August 13-17, 2001, Washington, D.C.
 
Thomer M. Gil , Massimiliano Poletto, MULTOPS: a data-structure for bandwidth attack detection, Proceedings of the 10th conference on USENIX Security Symposium, p.3-3, August 13-17, 2001, Washington, D.C.
Drew Dean , Matt Franklin , Adam Stubblefield, An algebraic approach to IP traceback, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.119-137, May 2002
 
Chatree Sangpachatanaruk , Sherif M. Khattab , Taieb Znati , Rami Melhem , Daniel Mossé, Design and analysis of a replicated elusive server scheme for mitigating denial of service attacks, Journal of Systems and Software, v.73 n.1, p.15-29, September 2004
Ratul Mahajan , Steven M. Bellovin , Sally Floyd , John Ioannidis , Vern Paxson , Scott Shenker, Controlling high bandwidth aggregates in the network, ACM SIGCOMM Computer Communication Review, v.32 n.3, p.62-73, July 2002
Xinyuan Wang , Shiping Chen , Sushil Jajodia, Tracking anonymous peer-to-peer VoIP calls on the internet, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
José Brustoloni, Protecting electronic commerce from distributed denial-of-service attacks, Proceedings of the 11th international conference on World Wide Web, May 07-11, 2002, Honolulu, Hawaii, USA
Vern Paxson, An analysis of using reflectors for distributed denial-of-service attacks, ACM SIGCOMM Computer Communication Review, v.31 n.3, July 2001
Kulesh Shanmugasundaram , Hervé Brönnimann , Nasir Memon, Payload attribution via hierarchical bloom filters, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
Jun Li , Dejing Dou , Zhen Wu , Shiwoong Kim , Vikash Agarwal, An internet routing forensics framework for discovering rules of abnormal BGP events, ACM SIGCOMM Computer Communication Review, v.35 n.5, October 2005
André O. Castelucio , Ronaldo M. Salles , Artur Ziviani, Evaluating the partial deployment of an AS-level IP traceback system, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
 
Sven Dietrich , Neil Long , David Dittrich, Analyzing Distributed Denial of Service Tools: The Shaft Case, Proceedings of the 14th USENIX conference on System administration, December 03-08, 2000, New Orleans, Louisiana
 
Hung-Yuan Hsu , Sencun Zhu , Ali R. Hurson, LIP: a lightweight interlayer protocol for preventing packet injection attacks in mobile ad hoc network, International Journal of Security and Networks, v.2 n.3/4, p.202-215, April 2007
 
Seong Soo Kim , A. L. Narasimha Reddy, Statistical techniques for detecting traffic anomalies through packet header data, IEEE/ACM Transactions on Networking (TON), v.16 n.3, p.562-575, June 2008
 
Florian P. Buchholz , Clay Shields, Providing Process Origin Information to Aid in Network Traceback, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.261-274, June 10-15, 2002
Limin Wang , Vivek Pai , Larry Peterson, The effectiveness of request redirection on CDN robustness, ACM SIGOPS Operating Systems Review, v.36 n.SI, Winter 2002
Christos Siaterlis , Basil Maglaris, Towards multisensor data fusion for DoS detection, Proceedings of the 2004 ACM symposium on Applied computing, March 14-17, 2004, Nicosia, Cyprus
Limin Wang , Vivek Pai , Larry Peterson, The effectiveness of request redirection on CDN robustness, Proceedings of the 5th symposium on Operating systems design and implementation

Due to copyright restrictions we are not able to make the PDFs for this conference available for downloading

, December 09-11, 2002, Boston, Massachusetts
Felipe Huici , Mark Handley, An edge-to-edge filtering architecture against DoS, ACM SIGCOMM Computer Communication Review, v.37 n.2, April 2007
 
Daniel R. Simon , Sharad Agarwal , David A. Maltz, AS-based accountability as a cost-effective DDoS defense, Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets, p.9-9, April 10, 2007, Cambridge, MA
 
Vyas Sekar , Michael K. Reiter , Walter Willinger , Hui Zhang , Ramana Rao Kompella , David G. Andersen, CSAMP: a system for network-wide flow monitoring, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.233-246, April 16-18, 2008, San Francisco, California
 
Jenshiuh Liu , Zhi-Jian Lee , Yeh-Ching Chung, Dynamic probabilistic packet marking for efficient IP traceback, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.3, p.866-882, February, 2007
 
K. G. Anagnostakis , M. B. Greenwald , S. Ioannidis , D. Li , J. M. Smith, Flexible network monitoring with FLAME, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.14, p.2548-2563, 5 October 2006
Brent Waters , Ari Juels , J. Alex Halderman , Edward W. Felten, New client puzzle outsourcing techniques for DoS resistance, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
William G. Morein , Angelos Stavrou , Debra L. Cook , Angelos D. Keromytis , Vishal Misra , Dan Rubenstein, Using graphic turing tests to counter automated DDoS attacks against web servers, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
XiaoFeng Wang , Michael K. Reiter, Mitigating bandwidth-exhaustion attacks using congestion puzzles, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
Wesley M. Eddy , Shawn Ostermann , Mark Allman, New techniques for making transport protocols robust to corruption-based loss, ACM SIGCOMM Computer Communication Review, v.34 n.5, p.75-88, October 2004
Alefiya Hussain , John Heidemann , Christos Papadopoulos, A framework for classifying denial of service attacks, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, August 25-29, 2003, Karlsruhe, Germany
 
Florian P. Buchholz , Clay Shields, Providing process origin information to aid in computer forensic investigations, Journal of Computer Security, v.12 n.5, p.753-776, September 2004
 
Alefiya Hussain , John Heidemann , Christos Papadopoulos, Distinguishing between single and multi-source attacks using signal processing, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.46 n.4, p.479-503, 15 November 2004
Brian Carrier , Clay Shields, The session token protocol for forensics and traceback, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.333-362, August 2004
 
Seny Kamara , Darren Davis , Lucas Ballard , Ryan Caudy , Fabian Monrose, An Extensible Platform for Evaluating Security Protocols, Proceedings of the 38th annual Symposium on Simulation, p.204-213, April 04-06, 2005
Neil Daswani , Hector Garcia-Molina, Query-flood DoS attacks in gnutella, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA
Patrick Traynor , William Enck , Patrick McDaniel , Thomas La Porta, Mitigating attacks on open functionality in SMS-capable cellular networks, Proceedings of the 12th annual international conference on Mobile computing and networking, September 23-29, 2006, Los Angeles, CA, USA
 
Jun Xu , Wooyong Lee, Sustaining Availability of Web Services under Distributed Denial of Service Attacks, IEEE Transactions on Computers, v.52 n.2, p.195-208, February 2003
Cheng Jin , Haining Wang , Kang G. Shin, Hop-count filtering: an effective defense against spoofed DDoS traffic, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
 
Miguel A. Lejeune, Awareness of Distributed Denial of Service Attacks' Dangers: Role of Internet Pricing Mechanisms, Netnomics, v.4 n.2, p.145-162, November 2002
 
Angelos Stavrou , Debra L. Cook , William G. Morein , Angelos D. Keromytis , Vishal Misra , Dan Rubenstein, WebSOS: an overlay-based system for protecting web servers from denial of service attacks, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.48 n.5, p.781-807, 5 August 2005
 
Sherif Khattab , Rami Melhem , Daniel Mossé , Taieb Znati, Honeypot back-propagation for mitigating spoofing distributed Denial-of-Service attacks, Journal of Parallel and Distributed Computing, v.66 n.9, p.1152-1164, September 2006
 
Xin Liu , Ang Li , Xiaowei Yang , David Wetherall, Passport: secure and adoptable source authentication, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.365-378, April 16-18, 2008, San Francisco, California
 
Haining Wang , Cheng Jin , Kang G. Shin, Defense against spoofed IP traffic using hop-count filtering, IEEE/ACM Transactions on Networking (TON), v.15 n.1, p.40-53, February 2007
 
Patrick Traynor , Patrick McDaniel , Thomas La Porta, On attack causality in internet-connected cellular networks, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, p.1-16, August 06-10, 2007, Boston, MA
Xuan Chen , John Heidemann, Flash crowd mitigation via adaptive admission control based on application-level observations, ACM Transactions on Internet Technology (TOIT), v.5 n.3, p.532-569, August 2005
Ratul Mahajan , Neil Spring , David Wetherall , Thomas Anderson, User-level internet path diagnosis, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
 
Haining Wang , Danlu Zhang , Kang G. Shin, Change-Point Monitoring for the Detection of DoS Attacks, IEEE Transactions on Dependable and Secure Computing, v.1 n.4, p.193-208, October 2004
William Enck , Patrick Traynor , Patrick McDaniel , Thomas La Porta, Exploiting open functionality in SMS-capable cellular networks, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
 
Christos Siaterlis , Vasilis Maglaris, One step ahead to multisensor data fusion for DDoS detection, Journal of Computer Security, v.13 n.5, p.779-806, October 2005
Jelena Mirkovic , Peter Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, v.34 n.2, April 2004

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.2 Network Protocols

          Nouns: TCP/IP

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)
      C.2.1 Network Architecture and Design
          Subjects: Packet-switching networks

  G. Mathematics of Computing
  G.2 DISCRETE MATHEMATICS
      G.2.2 Graph Theory
          Subjects: Path and circuit problems

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS


General Terms:
Algorithms, Design, Experimentation, Measurement, Performance, Security, Standardization, Theory

Collaborative Colleagues:
Stefan Savage: colleagues
David Wetherall: colleagues
Anna Karlin: colleagues
Tom Anderson: colleagues

Peer to Peer - Readers of this Article have also read:
This Article has also been published in:

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat