Adaptive defense against various network attacks

IEEE Journal on Selected Areas in Communications

Volumn 24, Issue 10, 2006, Pages 1877-1887

  Zou, Cliff C ^a,b   Duffield, Nick ^a,c   Towsley, Don ^a,d   Gong, Weibo ^a,d  

^a IEEE   (United States)

^b University of Central Florida   (United States)

^c AT AND T LABS RESEARCH   (United States)

^d UNIVERSITY OF MASSACHUSETTS   (United States)

Author keywords

Adaptive defense; Computer security; Distributed denial of service (DDoS); Internet worm; SYN flood

Indexed keywords

ADAPTIVE DEFENSE; DISTRIBUTED DENIAL-OF-SERVICE (DDOS); INTERNET WORM; SYN FLOOD;

DISTRIBUTED COMPUTER SYSTEMS; PACKET NETWORKS; SECURITY OF DATA; SYSTEMS ANALYSIS;

COMPUTER CRIME;

EID: 33749830235     PISSN: 07338716     EISSN: None     Source Type: Journal    
DOI: 10.1109/JSAC.2006.877137     Document Type: Article

References (25)

1. CERT, CERT/CC advisories. [Online], Available: http://www.cert.org/ advisories/
2. T. M. Gil and M. Poletto, "MULTOPS: A data-structure for bandwidth attack detection," in Proc. USENIX Security Symp., Aug. 2002, pp. 23-38.
3. US Homeland Security Advisory System, [Online], Available: http://www.dhs.gov/dhspublic/display?theme=29
4. C. Jin, H. Wang, and K. G. Shin, "Hop-count filtering: An effective defense against spoofed DDoS traffic," in Proc. 10th ACM Conf. Comput. Commun. Security, Oct. 2003, pp. 30-41.
5. J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan, "Fast portscan detection using sequential hypothesis testing," in Proc. IEEE Symp. Security Privacy, May 2004, pp. 211-225.
6. J. Jung, S. E. Schechter, and A. W. Berger, "Fast detection of scanning worm infections," in Proc. 7th Int. Symp. Recent Advances in Intrusion Detection (RAID), Sep. 2004, pp. 59-81.
7. A. Keromytis, V. Misra, and D. Rubenstein, "SOS: Secure overlay services," in Proc. ACM SIGCOMM, Aug. 2002, pp. 61-72.
8. A. Keromytis, V. Misra, and D. Rubenstein, "A framework for classifying denial of service attacks," in Proc. ACM SIGCOMM, Aug. 2003, pp. 99-110.
9. H. Kim and B. Karp, "Autograph : Toward automated, distributed worm signature detection," in Proc. 13th USENIX Security Symp., Aug. 2004, pp. 271-286.
10. Y. Kim, W. Lau, M. Chuah, and H. Chao, "Packetscore: Statistical-based overload control against distributed denial-of-service attacks," in Proc. IEEE INFOCOM, Mar. 2004, pp. 2594-2604.
11. W. Lee, W. Fan, M. Miller, S. Stolfo, and E. Zadok, "Toward cost-sensitive modeling for intrusion detection and response," J. Comput. Security, vol. 10, no. 1, 2, pp. 5-22, 2002.
12. Q. Li, E.-C. Chang, and M. Chan, "On the effectiveness of ddos attacks on statistical filtering," in Proc. IEEE INFOCOM, Mar. 2005, pp. 1373-1383.
13. J. Mirkovic, G. Prier, and P. Reiher, "Attacking DDoS at the source," in Proc. 10th IEEE Int. Conf. Netw. Protocols (ICNP), Nov. 2002, pp. 312-321.
14. J. Mirkovic and P. Reiher, "A taxonomy of DDoS attack and DDoS defense mechanisms," in Proc. ACM SIGCOMM Comput. Commun. Rev., 2004, vol. 34, no. 2.
15. D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, and N. Weaver, "Inside the Slammer worm," IEEE Mag. Security Privacy, vol. 1, no. 4, pp. 33-39, Jul. 2003.
16. D. Moore, C. Shannon, G. M. Voelker, and S. Savage, "Internet quarantine: Requirements for containing self-propagating code," in Proc. IEEE INFOCOM, Mar. 2003, pp. 1901-1910.
17. S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Practical network support for IP traceback," in Proc. ACM SIGCOMM, Aug. 2000, pp. 295-306.
18. S. Singh, C. Estan, G. Varghese, and S. Savage, "Automated worm fingerprinting," in Proc. 6th ACM/USENIX Symp. Operating System Des. Implementation (OSDI), Dec. 2004, pp. 45-60.
19. S. Staniford, "Containment of scanning worms in enterprise networks," J. Comput. Security, to be published.
20. S. Staniford, V. Paxson, and N. Weaver, "How to own the Internet in your spare time," in Proc. USENIX Security Symp., Aug. 2002, pp. 149-167.
21. H. Wang, D. Zhang, and K. G. Shin, "Detecting SYN flooding attacks," in Proc. IEEE INFOCOM, Jun. 2002, pp. 1530-1539.
22. N. Weaver, V. Paxson, S. Staniford, and R. Cunningham, "A taxonomy of computer worms," in Proc. ACM CCS Workshop Rapid Malcode (WORM'03), Oct. 2003, pp. 11-18.
23. N. Weaver, S. Staniford, and V. Paxson, "Very fast containment of scanning worms," in Proc. 13th USENIX Security Symp., Aug. 2004, pp. 29-44.
24. M. M. Williamson, "Throttling viruses: Restricting propagation to defeat mobile malicious code," in Proc. 18th Annu. Comput. Security Appl. Conf., Dec. 2002, pp. 61-68.
25. C. C. Zou, W. Gong, and D. Towsley, "Worm propagation modeling and analysis under dynamic quarantine defense," Proc. ACM CCS Workshop on Rapid Malcode (WORM'03), pp. 51-60, Oct. 2003.