Live baiting for service-level DoS attackers

Proceedings - IEEE INFOCOM

Volumn , Issue , 2008, Pages 682-690

  Khattab, Sherif ^a   Gobriel, Sameh ^a   Melhem, Rami ^a   Mossé, Daniel ^a  

^a University of Pittsburgh   (United States)

Author keywords

Attacker detection; Denial of service; Group testing

Indexed keywords

ATTACKER DETECTION; COMPUTER COMMUNICATIONS; DENIAL-OF-SERVICE; GROUP TESTING; INFOCOM;

COMPUTATIONAL COMPLEXITY; COMPUTER CRIME; COMPUTER NETWORKS; RISK ASSESSMENT;

POPULATION STATISTICS;

EID: 51349125816     PISSN: 0743166X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INFOCOM.2007.43     Document Type: Conference Paper

References (41)

1. Virgil D. Gligor, "A note on denial-of-service in operating systems.," IEEE Trans. Software Eng., vol. 10, no. 3, pp. 320-324, 1984.
2. Virgil D. Gligor, "On denial-of-service in computer networks." in Pro-ceedings of the Second International Conference on Data Engineering. Washington. DC, USA. 1986, pp. 608-617. IEEE Computer Society.
3. Frank Kargl, Joern Maier, and Michael Weber, "Protecting web servers from distributed denial of service attacks," in WWW '01: Proceedings of the 10th international conference on World Wide Web, New York. NY. USA, 2001, pp. 514-524,'ACM Press.
4. Virgil D. Gligor, "Guaranteeing access in spite of distributed serviceflooding attacks.," in Security Protocols Workshop, 2003, pp. 80-96.
5. Cristian Estan and George Varghese. "New directions in traffic measurement and accounting: Focusing on the elephants, ignoring the mice," ACM Trans. Comput. Syst., vol. 21, no. 3, pp. 270-313. 2003.
6. Rangarajan Vasudevan. Z. Morley Mao, Oliver Spatscheck, and Jacobus van der Merwe, "Reval: A tool for real-time evaluation of ddos mitigation strategies." in Proceedings of the 2006 USENIX Annual Technical Conferrence. 2006.
7. Chen-Nee Chuah, Lakshminarayanan Subramanian, and Randy H. Katz, "Dcap: detecting misbehaving flows via collaborative aggregate policing," SIGCOMM Comput. Commun. Rev., vol. 33, no. 5, pp. 5-18, 2003.
8. Andrew Sterrett, "On the detection of defective members of large populations," The Annals of Mathematical Statistics, vol. 28. no. 4, pp. 1033-1036, Dec. 1957.
9. Robert Dorfman, "The detection of defective members of large pop-ulations," The Annals of Mathematical Statistics, vol. 14, no. 4, pp. 436-440, Dec. 1943.
10. The Honeynet Project. Know Your Enemy, Addison-Wisley, Indianapolis, IN, 2002.
11. N. Weiler, "Honeypots for distributed denial-of-service attacks." in Proceedings of WET ICE 2002.
12. John Levine, Richard LaBella, Henry Owen, Didier Colitis, and Brian Culver. 'The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks," in Proceedings of the 2002 IEEE Workshop on Information Assurance and Security.
13. Balachander Krishnamurthy, "Mohonk: mobile honeypots to trace unwanted traffic early," in NetT '04: Proceedings of the ACM SIGCOMM workshop on Network troubleshooting, New York, NY, USA. 2004, pp. 277-282, ACM Press.
14. Sherif M. Khattab. Chatree Sangpachatanaruk, Daniel Mossé, Rami Melhem, and Taieb Znati, "Roaming Honeypots for Mitigating Servicelevel Denial-of-Service Attacks," in ICDCS 2004.
15. Sherif Khattab. Rami Melhem. Daniel Mossé, and Taieb Znati, "Honeypot back-propagation for mitigating spoofing distributed denial-ofservice attacks," Journal of Parallel and Distributed Computing (JPDC) Special Issue on Security in Grid and Distributed Systems, vol. 66, no. 9, pp. 1152-1164. Sept 2006.
16. Luis von Ahn, Manuel Blum, and John Langford, "Telling humans and computers apart automatically," Commun. ACM, vol. 47, no. 2, pp. 56-60, 2004.
17. M. T. Goodrich, M. J. Atallah, and R. Tamassia, "Indexing information for data forensics," in Proceedings of the Third International Conference on Applied Cryptography and Network Security (ACNS). J. Ioannidis, A. Keromytis, and M. Yung, Eds., 2005, pp. 206-221.
18. Benny Chor, Amos Fiat, and Moni Naor. 'Tracing traitors." in CRYPTO '94: Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology. 1994. pp. 257-270, Springer-Verlag.
19. Annalisa De Bonis and Ugo Vaccaro, "Constructions of generalized superimposed codes with applications to group testing and conflict resolution in multiple access channels," Theor. Comput. Sci., vol. 306. no. 1-3, pp. 223-243, 2003.
20. Yvo Desmedt, Rei Safavi-Naini, Huaxiong Wang, Lynn Batten, Chris Charnes, and Josef Pieprzyk, "Broadcast anti-jamming systems," Comput. Networks, vol. 35, no. 2-3, pp. 223-236, 2001.
21. Hung Q. Ngo and Ding-Zhu Du, "A survey on combinatorial group testing algorithms with applications to dna library screening." Disctrete mathematical pwblems with medical applications (New Brunswick, NJ) DIMACS Ser. Discrete Math. Theoret. Comput. Sci., Amer. Math. Soc. vol. 55, pp. 171-182, 2000.
22. D.Z. Du and F.K. Hwang. Combinatorial Group Testing and its Applications, World Scientific, Singapore, 2nd edition, 2000.
23. Moheeb Abu Rajab, Jay Zarfoss. Fabian Monrose, and Andreas Terzis, "My botnet is bigger than yours (maybe, better than yours): Why size estimates remain challenging," in Proceedings of USENIX/HotBots, April 2007.
24. Jaeyeon Jung, Balachander Krishnamurthy. and Michael Rabinovich, "Flash crowds and denial of service attacks: characterization and implications for cdns and web sites," in WWW '02: Proceedings of the 11th international conference on World Wide Web. New York. NY, IJSA, 2002, pp. 293-304, ACM Press.
25. Srikanth Kandula. Dina Katabi, Matthias Jacob, and Arthur W. Berger, "Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds," in 2nd Symposium on Networked Systems Design and Implementation (NSDI), Boston, MA, May 2005.
26. "Live Baiting for Service-level DoS Attackers." http://www.cs.pitt.edu/~skhattab/livebait.pdf. April 2006.
27. Federal Information Processing Standards Publication 180-2. "Secure hash standard." August 2002.
28. "The Network Simulator - ns-2," http://www.isi.edu/nsnam/ns/.
29. J. Cao, W.S. Cleveland, Y. Gao. K. Jeffay, F.D. Smith, and M.C. Weigle, "Stochastic models for generating synthetic http source traffic," in IEEE Infocom 2004, March 2004, vol. 3, pp. 1546-1557.
30. Jelena Mirkovic, Janice Martin, and Peter Reiher, "A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms," Tech. Rep. 020018, Computer Science Department, University of California. Los Angeles, 2002.
31. K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A. D. Keromytis, "Detecting targeted attacks using shadow honeypots." in Proceedings of the 14th USENIX Security Symposium, 2005.
32. Vyas Sekar, Nick Duffield, Oliver Spatscheck, Jacobus van der Merwe, and Hui Zhang, "Lads: Large-scale automated ddos detection system," in Proceedings of the 2006 USENIX Annual Technical Conference, 2006.
33. S. Ranjan, R. Swaminathan. M. Uysal, and E. Knightly. "Ddosresilient scheduling to counter application layer attacks under imperfect detection." in Proceedings of the IEEE Infocom, Barcelona, Spain. April 2006, IEEE.
34. Cheng Jin, Haining Wang, and Kang G. Shin. "Hop-count filtering: an effective defense against spoofed DDoS traffic," in Proceedings of the 10th ACM conference on Computer and communication security, 2003. pp. 30-41.
35. Avi Yaar, Adrian Perrig, and Dawn Song, "An endhost capability mechanism to mitigate DDoS flooding attacks," in Proceedings of the IEEE Symposium on Security and Privacy, May 2004.
36. Katerina Argyraki and David Cheriton, "Network capabilities: The good, the bad and the ugly," in Proceedings of the ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets-IV), 2005.
37. Christian Kreibich, Andrew Warfield, Jon Crowcroft, Steven Hand, and Ian Pratt, "Using packet symmetry to curtail malicious traffic," in Proceedings of the ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets-IV), 2005.
38. Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, "Practical network support for IP traceback," in ACM SIGCOMM 2000.
39. Steven M. Bellovin, Marcus Leech, and Tom Taylor, "ICMP Traceback Messages," in draft-ietf-itrace-01.txt, intei-net-draft, October 2001. Expiivd draft.
40. Ratul Mahajan, Steven M. Bellovin, Sally Floyd. John Ioannidis, Vern Paxson, and Scott Shenker. "Controlling high bandwidth aggregates in the network," vol. 32, no. 3, pp. 62-73, 2002.
41. David K. Y. Yau, John C. S. Lui, and Feng Liang, "Defending Against Distributed Denial-of-service Attacks with Max-min Fair Server-centric Router Throttles." in Proeedings of the IEEE International Workshop on Quality of Service (IWQoS), May 2002.