QoSoDoS: If you can't beat them, join them!

Proceedings - IEEE INFOCOM

Volumn , Issue , 2011, Pages 1278-1286

  Geva, Moti ^a   Herzberg, Amir ^a  

^a BAR ILAN UNIVERSITY   (Israel)

Author keywords

[No Author keywords available]

Indexed keywords

BEST-EFFORT; DOS ATTACKS; EMPIRICAL RESULTS; MULTIPLE TRANSMISSION; UNRELIABLE NETWORK;

COMPUTER CRIME;

EID: 79960856009     PISSN: 0743166X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INFCOM.2011.5934910     Document Type: Conference Paper

References (26)

1. J. Mirkovic and P. L. Reiher, "A taxonomy of DDoS attack and DDoS defense mechanisms, " Computer Communication Review, vol. 34, no. 2, pp. 39-53, 2004.
2. D. Grossman, "New Terminology and Clarifications for Diffserv, " RFC 3260 (Informational), Internet Engineering Task Force, Apr. 2002. [Online]. Available: http://www.ietf.orglrfc/rfc3260.txt
3. E. Rosen, A. Viswanathan, and R. Calion, "Multi protocol Label Switching Architecture, " RFC 3031 (Proposed Standard), Internet Engineering Task Force, Jan. 2001. [Online]. Available: http://www.ietf.orglrfc/ rfc3031.txt
4. J. Postel, "Transmission Control Protocol, " RFC 793 (Standard), Internet Engineering Task Force, Sep. 1981, updated by RFCs 1122, 3168. [Online]. Available: http://www.ietf.orglrfc/rfc793.txt
5. J.-Y. L. Boudec and P. Thiran, Network Calculus: A Theory of Deterministic Queuing Systems for the Internet, ser. Lecture Notes in Computer Science. Springer, 2001, vol. 2050.
6. M. Allman, V. Paxson, and E. Blanton, "TCP Congestion Control, " RFC 5681 (Draft Standard), Internet Engineering Task Force, Sep. 2009. [Online]. Available: http://www.ietf.orglrfc/rfc5681.txt
7. E. Kohler, M. Handley, and S. Floyd, "Datagram Congestion Control Protocol (DCCP), " RFC 4340 (Proposed Standard), Internet Engineering Task Force, Mar. 2006, updated by RFCs 5595, 5596. [Online]. Available: http://www.ietf.orglrfc/rfc4340.txt
8. H. Sangtae, R. Injong, and X. Lisong, "Cubic: a new tcp-friendly highspeed tcp variant, " SIGOP S Oper. Syst. Rev., vol. 42, pp. 64-74, July 2008.
9. A. Kuzmanovic and E. W. Knightly, "Low-rate TCP-targeted denial of service attacks and counter strategies, " IEEE/ACM Trans. Netw, vol. 14, no. 4, pp. 683-696, 2006.
10. C. Jin, H. Wang, and K. G. Shin, "Hop-count filtering: an effective defense against spoofed ddos traffic, " in ACM Conference on Computer and Communications Security, 2003, pp. 30-41.
11. P. Ferguson and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, " RFC 2827 (Best Current Practice), Internet Engineering Task Force, May 2000, updated by RFC 3704. [Online]. Available: http://www.ietf.orglrfc/rfc2827.txt
12. Y. Gilad and A. Herzberg, "Lightweight opportunistic tunneling (LOT), " in Computer Security - ESORICS 2009, 14th European Symposium on Research in Computer Security, Saint-Malo, France, September 21-23, 2009. P roceedings, ser. Lecture Notes in Computer Science, M. Backes and P. Ning, Eds., vol. 5789. Springer, 2009, pp. 104-119.
13. J. Ioannidis and S. M. Bellovin, "Implementing pushback: Router-based defense against DDoS attacks, " in NDSS. The Internet Society, 2002.
14. R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, "Controlling high bandwidth aggregates in the network, " SIGCOMM Comput. Commun. Rev., vol. 32, pp. 62-73, July 2002.
15. K. Argyraki and D. R. Cheriton, "Active internet traffic filtering: realtime response to denial-of-service attacks, " in P roceedings of the annual conference on USENIX Annual Technical Conference, ser. ATEC '05. Berkeley, CA, USA: USENIX Association, 2005, pp. 10-10.
16. X. Liu, X. Yang, and Y. Lu, "To filter or to authorize: networklayer DoS defense against multimillion-node botnets, " in P roceedings of the ACM SIGCOMM 2008 Conference on Applications, Technologies, Architectures, and P rotocols for Computer Communications, Seattle, WA, USA, August 17-22, 2008, V. Bahl, D. Wetherall, S. Savage, and I. Stoica, Eds. ACM, 2008, pp. 195-206.
17. X. Yang, D. Wetherall, and T. E. Anderson, "A DoS-limiting network architecture, " in P roceedings of the ACM SIGCOMM 2005 Conference on Applications, Technologies, Architectures, and P rotocols for Computer Communications, P hiladelphia, Pennsylvania, USA, August 22-26, 2005, R. Guerin, R. Govindan, and G. Minshall, Eds. ACM, 2005, pp. 241-252.
18. A. Yaar, A. Perrig, and D. X. Song, "SIFF: A stateless internet flow filter to mitigate DDoS flooding attacks, " in IEEE Symposium on Security and Privacy. IEEE Computer Society, 2004, p. 130.
19. A. D. Keromytis, V. Misra, and D. Rubenstein, "SOS: an architecture for mitigating DDoS attacks, " IEEE Journal on Selected Areas in Communications, vol. 22, no. 1, pp. 176-188, 2004.
20. D. G. Andersen, "Mayday: Distributed filtering for internet services, " in USENIX Symposium on Internet Technologies and Systems, 2003.
21. C. Dixon, T. E. Anderson, and A. Krishnamurthy, "Phalanx: Withstanding multimillion-node botnets, " in 5th USENIX Symposium on Networked Systems Design & Implementation, NSDI 2008, April 16-18, 2008, San Francisco, CA, USA, P roceedings, J. Crowcroft and M. Dahlin, Eds. USENIX Association, 2008, pp. 45-58.
22. J. Mirkovic and P. L. Reiher, "D-ward: A source-end defense against flooding denial-of-service attacks, " IEEE Trans. Dependable Sec. Comput., vol. 2, no. 3, pp. 216-232, 2005.
23. J. C.-Y. Chou, B. Lin, S. Sen, and O. Spatscheck, "Proactive surge protection: a defense mechanism for bandwidth-based attacks, " IEEE/ ACM Transactions on Networking, vol. 17, no. 6, pp. 1711-1723, Dec. 2009.
24. A. Mahimkar, J. Dange, V. Shmatikov, H. M. Yin, and Y. Zhang, "dFence: Transparent network-based denial of service mitigation, " in NSDI. USENIX, 2007.
25. G. C. Oikonomou, J. Mirkovic, P. L. Reiher, and M. Robinson, "A framework for a collaborative DDoS defense, " in ACSAG. IEEE Computer Society, 2006, pp. 33-42.
26. M. Walfish, M. Vutukuru, H. Balakrishnan, D. R. Karger, and S. Shenker, "DDoS defense by offense, " in SIGCOMM, 2006, pp. 303-314.