Honeypot back-propagation for mitigating spoofing distributed Denial-of-Service attacks

Journal of Parallel and Distributed Computing

Volumn 66, Issue 9, 2006, Pages 1152-1164

  Khattab, Sherif ^a   Melhem, Rami ^a   Mossé, Daniel ^a   Znati, Taieb ^a,b  

^a University of Pittsburgh   (United States)

^b UNIVERSITY OF PITTSBURGH   (United States)

Author keywords

Denial of Service attacks; Honeypots; Network security; Traceback

Indexed keywords

BANDWIDTH; INTERNET; PACKET NETWORKS; PROBLEM SOLVING; SECURITY SYSTEMS;

DENIAL-OF-SERVICE ATTACKS; HONEYPOTS; NETWORK SECURITY; TRACEBACK;

INFORMATION SERVICES;

EID: 33746954566     PISSN: 07437315     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jpdc.2006.04.016     Document Type: Article

References (51)

1. S. Agarwal, T. Dawson, C. Tryfonas, DDoS mitigation via regional cleaning centers, Technical Report, RR04-ATL-013177, SPRINT ATL Research (January 2004).
2. S.M. Bellovin, M. Leech, T. Taylor, ICMP traceback messages, in: draft-ietf-itrace-01.txt, internet-draft, October 2001. Expired draft.
3. A. Bremler-Barr, H. Levy, Spoofing prevention method, in: IEEE INFOCOM, 2005.
4. H. Burch, B. Cheswisk, Tracing anonymous packets to their approximate source, in: Proceedings of the 14th Systems Administration Conference (LISA), 2000.
5. CAIDA, Nameserver DoS Attack, 〈http://www.caida.org/funding/dns-analysis/oct02dos.xml〉 (October 2002).
6. CAIDA, SCO Offline from Denial-of-Service Attack, 〈http://www.caida.org/analysis/security/sco-dos/〉 (December 2003).
7. CERT, MS-SQL Server Worm, Advisory CA-2003-04, 〈http://www.cert.org/advisories/CA-2003-04.html〉 (January 2003).
8. W. chang Feng, The case for TCP/IP puzzles, in: Proceedings of the ACM SIGCOMM Workshop on Future Directions in Network Architecture, 2003, pp. 322-327.
9. CISCO, CISCO Group Management Protocol (CGMP), available at: 〈http://www.cisco.com/warp/public/473/22.html〉 (2006).
10. Cooperative Association for Internet Data Analysis, 〈http://www.caida.org/〉.
11. Dean D., Franklin M., and Stubblefield A. An algebraic approach to IP traceback. ACM Trans. Inf. Syst. Secur. 5 2 (2002) 119-137
12. D. Farinacci, T. Li, S. Hanks, D. Meyer, P. Traina, Generic routing encapsulation (GRE), in: RFC 2784, 2000.
13. P. Ferguson, D. Senie, Network ingress filtering: defeating denial of service attacks which employ IP Source Address Spoofing, in: RFC 2827, 2001.
14. Internet Mapping Project, 〈http://research.lumeta.com/ches/map/〉 (2004).
15. J. Ioannidis, S.M. Bellovin, Implementing pushback: router-based defense against DDoS attacks, in: Proceedings of Network and Distributed System Security Symposium (NDSS), 2002.
16. S. Kent, R. Atkinson, Security architecture for the Internet protocol, in: RFC 2401, 1998.
17. A. Keromytis, V. Misra, D. Rubenstein, SOS: secure overlay services, in: ACM SIGCOMM, 2002.
18. S.M. Khattab, R. Melhem, D. Mossé, T. Znati, Honeypot back-propagation for mitigating spoofing distributed denial-of-service attacks, in: Proceedings of the Second International Workshop on Security in Systems and Networks (SSN'06) (April 2006).
19. S.M. Khattab, C. Sangpachatanaruk, R. Melhem, D. Mossé, T. Znati, Proactive server roaming for mitigating denial-of-service attacks, in: Proceedings of the International Conference on Information Technology: Research and Education (ITRE), 2003.
20. S.M. Khattab, C. Sangpachatanaruk, R. Melhem, D. Mossé, T. Znati, Honeypot back-propagation for mitigating spoofing distributed denial-of-service attacks, Technical Report, TR-04-111, Department of Computer Science, University of Pittsburgh (September 2004).
21. S.M. Khattab, C. Sangpachatanaruk, D. Mossé, R. Melhem, T. Znati, Roaming honeypots for mitigating service-level denial-of-service attacks, in: Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04), March 2004.
22. S.M. Khattab, C. Sangpachatanaruk, D. Mossé, R. Melhem, T. Znati, Roaming honeypots for mitigating service-level denial-of-service attacks, under submission, available at: 〈http://www.cs.pitt.edu/skhattab/roaming.pdf〉 (2006).
23. B. Krishnamurthy, Mohonk: mobile honeypots to trace unwanted traffic early, in: Proceedings of the ACM SIGCOMM Workshop on Network Troubleshooting (NetT '04), 2004, pp. 277-282.
24. A. Kuzmanovic, E. W. Knightly, Low-rate TCP-targeted denial of service attacks. (The Shrew vs. the Mice and Elephants), in: ACM SIGCOMM, 2003.
25. J. Levine, R. LaBella, H. Owen, D. Contis, B. Culver, The use of honeynets to detect exploited systems across large enterprise networks, in: Proceedings of the IEEE Workshop on Information Assurance and Security, 2002.
26. J. Li, M. Sung, J. Xu, L. Li, Large-Scale IP traceback in high-speed internet: practical techniques and theoretical foundation, in: Proceedings of IEEE Symposium on Security and Privacy, 2004.
27. Mahajan R., Bellovin S.M., Floyd S., Ioannidis J., Paxson V., and Shenker S. Controlling high bandwidth aggregates in the network. ACM SIGCOMM CCR 32 3 (2002) 62-73
28. Mirkovic J., and Reiher P. A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM CCR 34 2 (2004) 39-53
29. NetSec Group, 〈http://www.cs.pitt.edu/NETSEC〉.
30. M. Oe, Y. Kadobayashi, S. Yamaguchi, An implementation of a hierarchical IP traceback architecture, in: Proceedings of the Symposium on Applications and the Internet Workshops (SAINT) Workshop on IPv6 and Applications, 2003.
31. K. Park, H. Lee, On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack, in: IEEE INFOCOM, 2001, pp. 338-347.
32. K. Park, H. Lee, On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets, in: ACM SIGCOMM, 2001.
33. C. Perkins, IP mobility support, in: RFC 2002, 1996.
34. A. Perrig, D. Song, A. Yaar, StackPi: a new defense mechanism against IP spoofing and DDoS attacks, Technical Report, CMU-CS-02-208, School of Computer Science, Carnegie Mellon, Pittsburgh, PA, USA (December 2002).
35. T.H. Project, Know Your Enemy, Addison-Wisley, Indianapolis, IN, 2002.
36. G. Sager, Security fun with OCxmon and cflowd, Internet2 working group meeting, November 1998.
37. C. Sangpachatanaruk, S.M. Khattab, T. Znati, R. Melhem, D. Mossé, A simulation study of the proactive server roaming for mitigating denial of service attacks, in: Proceedings of the 36th Annual Simulation Symposium (ANSS), 2003.
38. S. Savage, D. Wetherall, A. Karlin, T. Anderson, Practical network support for IP traceback, in: ACM SIGCOMM, 2000.
39. V. Siris, I. Stavrakis, Provider-based deterministic packet marking against distributed DoS attacks, in: Proceedings of the International Workshop on Security in Systems and Networks (SSN), 2005.
40. A.C. Snoeren, H. Balakrishnan, M.F. Kaashoek, The migrate approach to Internet mobility, in: Proceedings of the Oxygen Student Workshop, 2001.
41. Snoeren A.C., Partridge C., Sanchez L.A., Jones C.E., Tchakountio F., Schwartz B., Kent S.T., and Strayer W.T. Single-packet IP traceback. IEEE/ACM Transactions on Networking 10 6 (2002) 721-734
42. Snort, 〈http://www.snort.com〉 (2004).
43. D.X. Song, A. Perrig, Advanced and authenticated marking schemes for IP traceback, in: IEEE INFOCOM, 2001.
44. S. Staniford, V. Paxson, N. Weaver, How to own the Internet in your spare time, in: Proceedings of the 11th USENIX Security Symposium, 2002.
45. R. Stone, CenterTrack: An IP overlay network for tracking DoS floods, in: Proceedings of the Ninth USENIX Security Symposium, 2000.
46. F. Sultan, K. Srinivasan, D. Iyer, L. Iftode, Migratory TCP: connection migration for service continuity in the Internet, in: Proceedings of the International Conference on Distributed Computing Systems (ICDCS), 2002.
47. The Network Simulator-ns-2, 〈http://www.isi.edu/nsnam/ns/〉.
48. X. Wang, M. Reiter, Mitigating bandwidth-exhaustion attacks using congestion puzzles, in: Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2004.
49. N. Weiler, Honeypots for distributed denial-of-service attacks, in: Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises (WETICE), 2002.
50. A. Yaar, A. Perrig, D. Song, FIT: fast internet traceback, in: IEEE INFOCOM, 2005.
51. D.K.Y. Yau, J.C.S. Lui, F. Liang, Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles, in: Proceedings of the IEEE International Workshop on Quality of Service (IWQoS), 2002.