The impact of flooding attacks on network-based services

ARES 2008 - 3rd International Conference on Availability, Security, and Reliability, Proceedings

Volumn , Issue , 2008, Pages 509-513

  Jensen, Meiko ^a   Gruschka, Nils ^a   Luttenberger, Norbert ^a  

^a UNIVERSITY OF KIEL   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

DENIAL OF SERVICE ATTACKS; FLOODING ATTACKS; FLOODING TECHNIQUES; INTERNATIONAL CONFERENCES; INTERNET SECURITY; NETWORK-BASED; NETWORK-BASED SERVICES; SERVICE PROVIDERS; TCP SYN FLOODING;

COMPUTER CRIME; INFORMATION SCIENCE; INFORMATION SERVICES; SECURITY OF DATA; TRANSMISSION CONTROL PROTOCOL; WEB SERVICES; WORLD WIDE WEB;

WELL FLOODING;

EID: 49049087362     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2008.16     Document Type: Conference Paper

References (24)

1. Gustavo Alonso, Fabio Casati, Harumi Konu, and Vijay Machiraju. Web Services. Springer, 2004.
2. Tuomas Aura, Pekka Nikander, and Jussipekka Leiwo. DOS-resistant authentication with client puzzles. Lecture Notes in Computer Science, 2133:170+, 2001.
3. Yan Chen, Adam Bargteil, Randy H. Katz, and John Kubiatowicz. Quantifying network denial of service: A location service case study. Technical report, Berkeley, CA, USA, 2001.
4. Erik Christensen, Francisco Curbera, Greg Meredith, and Sanjiva Weerawarana. Web Services Description Language (WSDL). W3C Note, 2001.
5. William Cox, Felipe Cabrera, George Copeland, Tom Freund, Johannes Klein, Tony Storey, and Satish Thatte. Web Services Transaction (WS-Transaction). Joint BEA, IBM, Microsoft white paper, 2001.
6. Donald Eastlake, Joseph Reagle, Takeshi Imamura, Blair Dillaway, and Ed Simon. XML Encryption Syntax and Processing. W3C Recommendation, 2002.
7. Jeffrey Schlimmer (Editor). Web Services Policy 1.2 - Framework (WS-Policy). W3C Member Submission, 2006.
8. Christopher Ferris and David Langworthy. Web Services Reliable Messaging Protocol. 2005.
9. Nils Gruschka, Ralph Herkenhöner, and Norbert Luttenberger. Access control enforcement for web services by event-based security token processing. In T. Braun, G. Carle, and B. Stiller, editors, 15. ITG/Gi Fachtagung Kommunikation in Verteilten Systemen (KiVS 2007), pages 371-382, 2007.
10. Nils Gruschka, Meiko Jensen, and Norbert Luttenberger. A Stateful Web Service Firewall for BPEL. Proceedings of the IEEE International Conference on Web Services (ICWS 2007), 2007.
11. Nils Gruschka and Norbert Luttenberger. Protecting Web Services from DoS Attacks by SOAP Message Validation. In Proceedings of the IFIP TC-11 21. International Information Security Conference (SEC 2006), 2006.
12. Nils Gruschka, Norbert Luttenberger, and Ralph Herkenhöner. Eventbased SOAP Message Validation for WS-SecurityPolicy-enriched Web Services. In Proceedings of the 2006 International Conference on Semantic Web & Web Services, 2006.
13. Martin Gudgin, Marc Hadley, Noah Mendelsohn, Jean-Jacques Moreau, and Henrik Frystyk Nielsen. SOAP Version 1.2 Part 1: Messaging Framework. W3C Recommendation, 2003.
14. Alefiya Hussain, John Heidemann, and Christos Papadopoulos. A framework for classifying denial of service attacks. In SIGCOMM '03: Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, pages 99-110, New York, NY, USA, 2003. ACM Press.
15. Meiko Jensen, Nils Gruschka, Ralph Herkenhöner, and Norbert Luttenberger. SOA and Web Services: New Technologies, New Standards - New Attacks. In Proceedings of the 5th IEEE European Conference on Web Services, 2007.
16. Diane Jordan, John Evdemon, Alexandre Alves, Assaf Arkin, Sid Askary, Charlton Barreto, Ben Bloch, Francisco Curbera, Mark Ford, Yaron Goland, Alejandro Guizar, Neelakantan Kartha, Canyang Kevin Liu, Rania Khalaf, Dieter König, Mike Marin, Vinkesh Mehta, Satish Thatte, Danny van der Rijn, Prasad Yendluri, and Alex Yiu. Web Services Business Process Execution Language Version 2.0 (WS-BPEL 2.0). OASIS Standard, 2007.
17. Anthony Nadalin, Chris Kaler, Ronald Monzillo, and Phillip Hallam-Baker. Web Services Security: SOAP Message Security 1.1 (WS-Security 2004). 2006.
18. Supranamaya Ranjan, R. Swaminathan, M. Uysal, and Edward W. Knightly. DDoS-Resilient Scheduling to Counter Application Layer Attacks Under Imperfect Detection. In INFOCOM, 2006.
19. Christoph L. Schuba, Ivan V. Krsul, Markus G. Kuhn, Eugene H. Spafford, Aurobindo Sundaram, and Diego Zamboni. Analysis of a Denial of Service Attack on TCP. In SP '97: Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 208-223, Washington, DC, USA, May 1997. IEEE Computer Society.
20. Anoop Singhal, Theodore Winograd, and Karen Scarfone. Guide to Secure Web Services. Recommendations of the National Institute of Standards and Technology, Special Publication 800-95, 2007.
21. Adam Smith. Estonia: Under siege on the web. Time Magazine, http://www.time.com/time/magazine/article/0,9171,1626744,00.html, 2007.
22. Michael Walfish, Hari Balakrishnan, David Karger, and Scott Shenker. DoS: Fighting Fire with Fire. 2005.
23. Haining Wang, Danlu Zhang, and Kang G. Shin. Detecting SYN flooding attacks. In Proceedings of the Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies (IN-FOCOM 2002), 2002.
24. Jian Yuan. Monitoring the Macroscopic Effect of DDoS Flooding Attacks. IEEE Trans. Dependable Secur. Comput., 2(4):324-335, 2005. Senior Member-Kevin Mills.