D-WARD: A source-end defense against flooding denial-of-service attacks

IEEE Transactions on Dependable and Secure Computing

Volumn 2, Issue 3, 2005, Pages 216-232

  Mirkovic, Jelena ^a,b   Reiher, Peter ^a,c  

^a IEEE   (United States)

^b UNIVERSITY OF DELAWARE   (United States)

^c UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Fault tolerance; Network monitoring; Network level security and protection

Indexed keywords

COMPUTER NETWORKS; FAULT TOLERANT COMPUTER SYSTEMS; STATISTICAL METHODS; TELECOMMUNICATION TRAFFIC;

DISTRIBUTED DENIAL-OF-SERVICE (DDOS); NETWORK MONITORING; NETWORK-LEVEL SECURITY AND PROTECTION; SOURCE-END DEFENSE;

SECURITY SYSTEMS;

EID: 27644518127     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2005.35     Document Type: Article

References (38)

1. J. Mirkovic, G. Prier, and P. Reiher, "Attacking DDoS at the Source," Proc. Int'l Conf. Network Protocols, Nov. 2002.
2. J. Mirkovic, "D-Ward: Source-End Defense against Distributed Denial-of-Service Attacks," PhD dissertation, Univ. of California Los Angeles, Aug. 2003, http://lasr.cs.ucla.edu/ddos/dward-thesis.pdf.
3. J. Mirkovic, G. Prier, and P. Reiher, "Challenges of Source-End DDoS Defense," Proc. Int'l Symp. Network Computing and Applications, Apr. 2003.
4. P. Ferguson and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing," RFC 2827, May 2000.
5. R. Mahajan, S. Bellovin, S. Floyd, V. Paxson, and S. Shenker, "Controlling High Bandwidth Aggregates in the Network," ACM Computer Comm. Rev., vol. 32, no. 3, July 2002.
6. V. Jacobson, "Congestion Avoidance and Control," ACM Computer Comm. Rev.; Proc. Sigcomm '88 Symp., vol. 18, no. 4, pp. 314-329, Aug. 1988.
7. J. Postel, "User Datagram Protocol," RFC 768, Aug. 1980.
8. Characterization of Internet Traffic Loads, Segregated by Application, CAIDA, http://www.caida.org/analysis/workload/byapplication/, 2002.
9. C. Schuba, I. Krsul, M. Kuhn, G. Spafford, A. Sundaram, and D. Zamboni, "Analysis of a Denial of Service Attack on TCP," Proc. 1997 IEEE Symp. Security and Privacy, May 1997.
10. I.S. Institute, "Transmission Control Protocol," RFC 793, Sept. 1981
11. S. Bellovin, "Defending against Sequence Number Attacks," RFC 1948, May 1996.
12. G. Prier, "iDward: Implementing D-WARD in the IXP," Master's thesis, Univ. of California Los Angeles, 2003.
13. B. White, J. Lepreau, L. Stoller, R. Ricci, S. Guruprasad, M. Newbold, M. Hibler, C. Barb, and A. Joglekar, "An Integrated Experimental Environment for Distributed Systems and Networks," Proc. Fifth Symp. Operating Systems Design and Implementation, pp. 255-270, Dec. 2002.
14. Sourceforge, "tcpreplay Tool," http://tcpreplay.sourceforge. net/, 2000.
15. H. Bos, "tcpreplay-Lite Tool," http://www.cs.vu.nl/~herbertb/ misc/replay/, 2004.
16. DETER/EMIST project Web page, http://www.isi.edu/deter, 2004.
17. NetRanger Overview, Cisco, http://www.cisco.com/univercd/ cc/td/doc/product/iaabu/csids/csids1/csidsug/overview.htm, 2004.
18. Network Intrusion Detector Overview, Computer Incident Advisory Capability, http://ciac.llnl.gov/cstc/nid/intro.html, 2004.
19. Intrusion Detection Security Products, Internet Security Systems, http://www.iss.net/securing_e-business/security_products/ intrusion_detection/ index.php, 2005.
20. NFR Sensitivist Intrusion Détection System, NFR Security, http://www.nfr.com/solutions/sentivist-ids.php, 2003.
21. P.G. Neumann and P.A. Porras, "Experience with EMERALD to DATE," Proc. First USENIX Workshop Intrusion Detection and Network Monitoring, Apr. 1999.
22. S. Liu, Y. Xiong, and P. Sun, "On Prevention of the Denial of Service Attacks: A Control Theoretical Approach," Proc. IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop, June 2000.
23. R. Thomas, T. Johnson, J. Croall, and B. Mark, "NetBouncer: Client-legitimacy-based High-performance DDoS Filtering," McA-fee Security J., vol. 6, no. 1, 2004.
24. Mazu Technical White Papers, Mazu Networks, http://www. mazunetworks.com/solutions/white_papers/, 2005.
25. The Peakflow Platform, Arbor Networks, http://www. arbornetworks.com, 1999.
26. A. Juels and J. Brainard, "Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks," Proc. 1999 Networks and Distributed System Security Symp., Mar. 1999.
27. Y.L. Zheng and J. Leiwo, "A Method to Implement a Denial of Service Protection Base," Information Security and Privacy, 1997.
28. O. Spatscheck and L.L. Petersen, "Defending against Denial of Service Attacks in Scout," Proc. Third Symp. Operating Systems Design and Implementation, Feb. 1999.
29. A. Garg and A.L. N. Reddy, "Mitigation of DoS Attacks through QoS Regulation," Proc. IWQOS Workshop, May 2002.
30. F. Lau, S.H. Rubin, M.H. Smith, and L. Trajkovic, "Distributed Denial of Service Attacks," Proc. IEEE Int'l Conf. Systems, Man, and Cybernetics, pp. 2275-2280, Oct. 2000.
31. A.D. Keromytis, V. Misra, and D. Rubenstein, "SOS: Secure Overlay Services," Proc. SIGCOMM 2002, 2002.
32. J. Mirkovic, M. Robinson, and P. Reiher, "Forming Alliance for DDoS Defenses," Proc. New Security Paradigmes Workshop, Aug. 2003.
33. C. Papadopoulos, R. Lindell, J. Mehringer, A. Hussain, and R. Govindan, "Cossack: Coordinated Suppression of Simultaneous Attacks," Proc. DARPA Information Survivability Conf. and Exposition (DISCEX) III, 2003.
34. R. Canonico, D. Cotroneo, L. Peluso, S.P. Romano, and G. Ventre, "Programming Routers to Improve Network Security," Proc. OPENSIG 2001 Workshop Next Generation Network Programming, Sept. 2001.
35. D. Schnackenberg, K. Djahandari, and D. Sterne, "Infrastructure for Intrusion Detection and Response," Advanced Security Research J., vol. 3, no. 1, 2001.
36. MANAnet DDoS White Papers, Cs3. Inc, http://www. cs3-inc.com/mananet. html, 2002.
37. T. Peng, C. Leckie, and K. Ramamohanarao, "Defending against Distributed Denial of Service Attack Using Selective Pushback," Proc. Ninth IEEE Int'l Conf. Telecomm. (ICT 2002), 2002.
38. T.M. Gil and M. Poletto, "MULTOPS: A Data-Structure for Bandwidth Attack Detection," Proc. 10th Usenix Security Symp., Aug. 2001.