Sentinel: Hardware-accelerated mitigation of bot-based DDoS attacks

Proceedings - International Conference on Computer Communications and Networks, ICCCN

Volumn , Issue , 2008, Pages 633-640

  Djalaliev, Peter ^a   Jamshed, Muhammad ^a   Farnan, Nicholas ^a   Brustoloni, José ^a  

^a University of Pittsburgh   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; AUTHENTICATION; COMPUTER CRIME;

AND PERFORMANCE EVALUATIONS; AUTHENTICATION SCHEMES; CAPTCHA; CAPTCHAS; CLIENT AUTHENTICATIONS; KERNEL MODIFICATIONS; NETWORK DEVICES; NETWORK PROCESSORS; RESPONSE TIMES; SERVER FARMS; TRANSPORT LAYERS;

COMPUTER NETWORKS;

EID: 57849143337     PISSN: 10952055     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICCCN.2008.ECP.123     Document Type: Conference Paper

References (33)

1. "Arbor Networks Peakflow SP," http://www.arbornetworks.com/en/ peakflow-sp.html.
2. D. Bernstein, "SYN cookies," http://cr.yp.to/syncookies.html.
3. L. von Ann, M. Blum, N. Hopper, and J. Langforg, "CAPTCHA: Using hard AI problems for security," in Proc, Eurocrypt, 2003, pp. 294-311.
4. S. Kandula, D. Katabi, M. Jacob, and A. Berger, "Botz-4-Sale: Surviving organized DDoS attacks that mimic flash crowds," in Proc. 2nd Symposium on Network Systems Design and Implementation (NSDI), Boston, MA, 2005.
5. M. A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis, "A multifaceted approach to understanding the botnet phenomenon," in Proc. 6th ACM SIGCOMM Conference on Internet Measurement, Rio de Janeiro, Brazil, 2006, pp. 41-52.
6. "The botnet trackers," http://www.washingtonpost.com/wp-dyn/ content/article/2006/02/16/AR20060%21601388.html, February 2006.
7. M. Drewniak, "Michigan man gets 30 months for conspiracy to order destructive computer attacks on business competitors," http://www.usdoj. gov/criminal/cybercrime/araboSent.htm, August 2006.
8. T. Espiner, "Cracking open the cybercrime economy," http://news.zdnet.com/2100-1009-22-6222896.html, December 2007.
9. A. Turing, "Computing machinery and intelligence," Mind, vol. 59, no. 236, pp. 433-460, 1950.
10. G. Mori and J. Malik, "Breaking a visual CAPTCHA," http://www.es.sfu.ca/~mori/research/gimpy/.
11. "Breaking CAPTCHA without using ocr - a new technique," http://www.puremango.co.uk/cm-breaking-captcha-115.php, December 2007.
12. T. Claburn, "Yahoo's CAPTCHA security reportedly broken," http://www.inforrriationweek.com/news/showArticle.jhtml?articleID=2059006%20, January 2008.
13. G. Keizer, "Spammers' bot cracks Microsoft's CAPTCHA," http://www.computerworld.com/action/article.do?command=viewArticleBasic%& articleId=9061558, February 2008.
14. J. Leyden, "Spammers crack Gmail CAPTCHA," http://www. theregister. co.uk/2008/02/25/gmail-captcha-crack/, February 2008.
15. M. May, "Inaccessibility of CAPTCHA," http://www.w3.org/TR/ turingtest/, World Wide Web Consortium (W3C), Tech. Rep., November 2005.
16. M. Casado and M. Freedman, "Peering dirough die shroud: The effect of edge opacity on IP-based client identification," in Proc. 4th Symposium on Network Systems Design and Implementation (NSDI), Cambridge, MA, 2007.
17. G. van Rooij, "Real stateful TCP packet filtering in IP Filter," Invited talk in the 10th USENTX Security Symposium, August 2001.
18. M. Handley, V. Paxson, and C. Kreibich, "Network intrusion detection: Evasion, traffic normalization and end-to-end protocol semantics," in Proc. 10th USENIX Security Symposium, 2001, p. 9.
19. D. Knuth, J. H. Morris, and V. Pratt, "Fast pattern matching in strings," SIAM Journal on Computing, vol. 6, no. 2, pp. 323-350, 1973.
20. R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee, "Hypertext Transfer Protocol - HTTP/1.1," http://www.w3.org/Protocols/rfc2616/rfc2616.html, June 1999.
21. "Ebtables," http://ebtables.sourceforge.net/.
22. J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, and L. Stewart, "HTTP authentication: Basic and digest acess authentication," http://www.ietf.org/rfc/rfc2617, June 1999.
23. A. Juels and J. Brainard, "Client puzzles: A cryptographic countermeasure against connection depletion attacks," in Proc. Network and Distributed Security Systems (NDSS), 1999, pp. 151-165.
24. G. Kochanski, D. Lopresti, and C. Shih, "A reverse Turing test using speech," in Proc. 7th International Conference on Spoken Language Processing, Denver, CO, September 2002, pp. 1357-1360.
25. Y. Rui and Z. Liu, "ARTiFAClAL: Automated reverse turing test using facial features," in Multimedia, November 2003.
26. W. Morein, A. Stavrou, D. Cook, A. Keromytis, V. Misra, and D. Ruben-stein, "Using graphic Turing tests to counter automated DDoS attacks against web servers," in Proc. 10th ACM International Conference on Computer and Communications Security (CSS), October 2003, pp. 8-19.
27. M. Walfish, M. Vutukuru, H. Balakrishnan, V. Karger, and S. Shenker, "DDoS defence by offense," in Proc. ACM Special Interest Group in Data Communications (SIGCOMM), Pisa, Italy, September 2006.
28. J. Binkley and S. Singh, "An algorithm for anomaly-based botnet detection," in Proc. 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), 2006.
29. J. Goebel and T. Holz, "Rishi: Identify bot contaminated hosts by IRC nickname evaluation," in Proc. 1st Workshop on Hot Topics in Understanding Botnets, Cambridge, MA, April 2007.
30. H. Choi, H. Lee, H. Lee, and H. Kim, "Botnet detection by monitoring group activities in DNS traffic," in Proc. 7th IEEE International Conference on Computer and Information Technology, 2007, pp. 715-720.
31. A. Ramachandran, N. Fearnster, and D. Dagon, "Revealing botnet membership using DNSBL counter-intelligence," in Proc. 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), 2006, pp. 49-54.
32. A. Karasaridis, B. Rexroad, and D. Hoeflin, "Wide-scale botnet detection and characterization," in Proc. 1st Workshop on Hot Topics in Understanding Botnets, 2007.
33. C. Livadas, R. Walsh, D. Lapsley, and W. T. Strayer, "Using machine learning techniques to identify botnet traffic," in Proc. 2nd IEEE LCN Workshop on Network Security (WoNS), November 2006.