Improving the resilience of content distribution networks to large scale distributed denial of service attacks

Computer Networks

Volumn 51, Issue 10, 2007, Pages 2753-2770

  Lee, Kang Won ^a   Chari, Suresh ^a   Shaikh, Anees ^a   Sahu, Sambit ^a   Cheng, Pau Chen ^a  

^a IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

Content distribution networks; Distributed Denial of Service attacks; Hash based request routing; Network security; Service level guarantee; Site allocation using binary codes

Indexed keywords

ALGORITHMS; BINARY CODES; DISTRIBUTED COMPUTER SYSTEMS; LARGE SCALE SYSTEMS; QUALITY OF SERVICE; USER INTERFACES; WEBSITES;

CONTENT DISTRIBUTION NETWORKS; DISTRIBUTED DENIAL; HASH-BASED REQUEST ROUTING; SERVICE ATTACKS; SERVICE LEVEL GUARANTEE; SITE ALLOCATION USING BINARY CODES;

INTERNET;

EID: 34247553674     PISSN: 13891286     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.comnet.2006.11.025     Document Type: Article

References (35)

1. P. Ferguson, D. Senie, Network ingress filtering: Defeating denial of service attacks which employ IP source address spoofing (RFC 2827), Internet Request for Comments (May 2000).
2. Kihong Park, Heejo Lee, On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets, in: Proceedings of ACM SIGCOMM, 2001.
3. Strategies to protect against distributed denial of service (DDoS) attacks, Cisco Systems White Paper. http://www.cisco.com/warp/public/707/newsflash.html (February 2000).
4. F. Kargl, J. Maier, M. Weber, Protecting web servers from distributed denial of service attacks, in: Proceedings of WWW, 2001.
5. D.J. Bernstein, SYN cookies. http://cr.yp.to/syncookies.html (November 2001).
6. Jupiter Media Metrix, US top 50 web and digital media properties. http://www.jmm.com/xp/jmm/press/mediaMetrixTop50.xml (October 2001).
7. J. Jung, B. Krishnamurthy, M. Rabinovich, Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites, in: Proceedings of 11th WWW Conference, 2002.
8. V.P. Limin Wang, L. Peterson, The effectiveness of request redirection on CDN robustness, in: Proceedings of USENIX Symposium on Operating Systems Design and Implementation, 2002.
9. B. Krishnamurthy, C. Wills, Y. Zhang, On the use and performance of content distribution networks, in: Proceedings of ACM SIGCOMM Internet Measurement Workshop, 2001.
10. IBM e-Business Hosting. http://www.ibm.com/services/webhosting (July 2002).
11. A. Barbir et al., Known CDN request-routing mechanisms, Internet Draft (draft-ietf-cdi-known-request-routing-00.txt) (February 2002).
12. A. Shaikh, R. Tewari, M. Agrawal, On the effectiveness of DNS-based server selection, in: Proceedings of IEEE INFOCOM, 2001.
13. Z.M. Mao, C.D. Cranor, F. Douglis, M. Rabinovich, O. Spatscheck, J. Wang, A precise and efficient evaluation of the proximity between web clients and their local DNS servers, in: Proceedings of USENIX Annual Technical Conference, 2002.
14. Jung J., Sit E., Balakrishnan H., and Morris R. DNs performance and the effectiveness of caching. IEEE/ACM Transaction on Networking 10 (2002) 589-604
15. David Moore, Geoffrey M. Voelker, Stefan Savage, Inferring internet denial-of-service attack, in: Proceedings of USENIX Security Symposium, 2001.
16. CERT Coordination Center, Denial of service attacks, CERT Tech Tips. http://www.cert.org/tech_tips/denial_of_service.html (June 2001).
17. Web attacks? the ISPs strike back!, ZDNet News. http://zdnet.com.com/2100-11-518743.html?legacy=zdnn (February 2000).
18. Akamai Technologies. http://www.akamai.com.
19. Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones, Fabrice Tchakountio, Stephen T. Kent, W. Timothy Strayer, Hash-based IP traceback, in: Proceedings of ACM SIGCOMM, 2001.
20. Stefan Savage, David Wetherall, Anna Karlin, Tom Anderson, Practical network support for IP traceback, in: Proceedings of ACM SIGCOMM, 2000.
21. CERT Coordination Center, Code Red worm exploiting buffer overflow in IIS indexing service DLL, CERT Advisory CA-2001-19. http://www.cert.org/advisories/CA-2001-19.html (July 2001).
22. Mihir Bellare, Ran Canetti, Hugo Krawczyk, Keyed hash functions for message authentication, in: Proceedings of CRYPTO, 1996.
23. A.P. Abraham Yaar, D. Song, FIT: fast internet traceback, in: Proceedings of IEEE INFOCOM, 2005.
24. D.X. Song, A. Perrig, Advanced and authenticated marking schemes for IP traceback, in: Proceedings of IEEE INFOCOM, 2001.
25. Hugo Krawczyk, LFSR-based hashing and authentication, in: Proceedings of CRYPTO, 1994.
26. Mosberger D., and Jin T. Httperf: a tool for measuring web server performance. ACM Performance Evaluation Review 26 3 (1998)
27. Blahut R.E. Theory and Practice of Error-Control Codes (1983), Addison Wesley
28. In: Pless V., and Huffman W. (Eds). Handbook of Coding Theory (1998), Elsevier, Amsterdam
29. Best M., Brouwer A., MacWilliams F., Odlyzko A., and Sloane N. Bounds for binary codes of length less than 25. IEEE Transactions on Information Theory 24 (1978) 81-93
30. H. Burch, B. Cheswick, Tracing anonymous packets to their approximate source, in: Proceedings of USENIX Systems Administration Conference (LISA), 2000.
31. G. Sager, Security fun with OCxmon and cflowd, Presentation to Internet-2 Measurement Working Group. http://www.caida.org/projects/ngi/content/security/1198/ (November 1998).
32. S.M. Bellovin, M.D. Leech, T. Taylor, Internet draft (draft-ietf-itrace-01.txt) (April 2002).
33. R. Stone, CenterTrack: an IP overlay network for tracking DoS floods, in: Proceedings of USENIX Security Symposium, 2000.
34. CERT Coordination Center, TCP SYN flooding and IP spoofing attacks, CERT Advisory CA-1996-21. http://www.cert.org/advisories/CA-1996-21.html (September 1996).
35. Sun Microsystems Security Bulletin #00136. http://sunsolve.sun.com/security (October 1996).