CluB: A cluster based framework for mitigating distributed denial of service attacks

Proceedings of the ACM Symposium on Applied Computing

Volumn , Issue , 2011, Pages 520-527

  Fu, Zhang ^a   Papatriantafilou, Marina ^a   Tsigas, Philippas ^a  

^a CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

Author keywords

cluster based; distributed denial of service; granularity of control

Indexed keywords

CLUSTER-BASED; CONTROL ASPECTS; DATAGRAMS; DDOS ATTACK; DISTRIBUTED DENIAL OF SERVICE; DISTRIBUTED DENIAL OF SERVICE ATTACK; GRANULARITY OF CONTROL; ROUTING POLICIES;

CLUSTER COMPUTING; TRANSMISSION CONTROL PROTOCOL;

COMPUTER CRIME;

EID: 79959316635     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1982185.1982297     Document Type: Conference Paper

References (24)

1. Crypto++ 5.6.0 benchmarks http://www.cryptopp.com/benchmarks.html, 2009.
2. T. Anderson, T. Roscoe, and D. Wetherall. Preventing internet denial-of-service with capabilities. SIGCOMM Comput. Commun. Rev., 34(1):39-44, 2004.
3. K. Argyraki and D. Cheriton. Network capability: The good, the bad and the ugly. In In Proceedings of Workshop on Hot Topics in Networks (HotNets-IV), November 2005.
4. K. Argyraki and D. R. Cheriton. Active internet traffic filtering: real-time response to denial-of-service attacks. In Proceedings of the annual conference on USENIX Annual Technical Conference, pages 10-10. USENIX Association, 2005.
5. J.-Y. L. Boudec. Rate adaptation, congestion control and fairness: A tutorial, EPFL, December 2000.
6. Y. Chen, K. Hwang, and W.-S. Ku. Collaborative detection of DDoS attacks over multiple network domains. IEEE Trans. Parallel Distrib. Syst., 18(12):1649-1662, 2007.
7. F. Chung and L. Lu. The average distances in random graphs with given expected degrees. Internet Mathematics, 1:15879-15882, 2002.
8. D. Estrin, J. Mogul, and G. Tsudik. Visa protocols for controlling interorganizational datagram flow. Selected Areas in Communications, IEEE Journal on, 7(4):486-498, May 1989.
9. M. Faloutsos, P. Faloutsos, and C. Faloutsos. On power-law relationships of the internet topology. In SIGCOMM '99, pages 251-262. ACM, 1999.
10. Z. Fu, M. Papatriantafilou, and P. Tsigas. Mitigating distributed denial of service attacks in multiparty applications in the presence of clock drifts. In Proceedings of IEEE SRDS, pages 63-72. IEEE Computer Society, 2008.
11. Z. Fu, M. Papatriantafilou, and P. Tsigas. CluB: A cluster based method for mitigating distributed denial of service attacks, Technical Report 2009-09, Chalmers University of Technology, 2009. www.cse.chalmers.se/~zhafu/CluB.pdf.
12. Z. Fu, M. Papatriantafilou, P. Tsigas, and W. Wei. Mitigating denial of capability attacks using sink tree based quota allocation. In Proceedings of SAC 2010, pages 713-718. ACM, 2010.
13. Y.-C. Hu, A. Perrig, and M. Sirbu. Spv: secure path vector routing for securing bgp. In SIGCOMM '04, pages 179-192. ACM, 2004.
14. A. D. Keromytis, V. Misra, and D. Rubenstein. SOS: secure overlay services. SIGCOMM Comput. Commun. Rev., 32(4):61-72, 2002.
15. X. Liu, X. Yang, and Y. Lu. To filter or to authorize: network-layer DoS defense against multimillion-node botnets. In SIGCOMM '08, pages 195-206. ACM, 2008.
16. R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker. Controlling high bandwidth aggregates in the network. SIGCOMM Comput. Commun. Rev., 32(3):62-73, 2002.
17. A. B. I. M. Mitzenmacher. Network applications of bloom filters: A survey. In Internet Mathematics, pages 636-646, 2002.
18. B. Parno, D. Wendlandt, E. Shi, A. Perrig, B. Maggs, and Y.-C. Hu. Portcullis: protecting connection setup from denial-of-capability attacks. In SIGCOMM '07, pages 289-300. ACM, 2007.
19. B. Raghavan and A. C. Snoeren. A system for authenticated policy-compliant routing. SIGCOMM Comput. Commun. Rev., 34(4):167-178, 2004.
20. S. Savage, D. Wetherall, A. Karlin, and T. Anderson. Practical network support for ip traceback. SIGCOMM Comput. Commun. Rev., 30(4):295-306, 2000.
21. D. X. Song and A. Perrig. Advanced and authenticated marking schemes for ip traceback. In IEEE INFOCOM 2001., volume 2, pages 878-886 vol.2, 2001.
22. A. Stavrou and A. D. Keromytis. Countering dos attacks with stateless multipath overlays. In Proceedings of ACM CCS, pages 249-259, New York, NY, USA, 2005. ACM.
23. A. Yaar, A. Perrig, and D. Song. SIFF: A stateless internet flow filter to mitigate DDoS ooding attacks. IEEE Security and Privacy Symposium, page 130, 2004.
24. X. Yang, D. Wetherall, and T. Anderson. A DoS-limiting network architecture. In SIGCOMM '05, pages 241-252. ACM, 2005.