A survey of defense mechanisms against distributed denial of service (DDOS) flooding attacks

IEEE Communications Surveys and Tutorials

Volumn 15, Issue 4, 2013, Pages 2046-2069

  Zargar, Saman Taghavi ^a   Joshi, James ^a   Tipper, David ^a  

^a UNIVERSITY OF PITTSBURGH   (United States)

Author keywords

Collaborative DDoS defense; Distributed DDoS defense; Distributed Denial of Service (DDoS) flooding attack; Intrusion detection systems; Intrusion prevention systems

Indexed keywords

COLLABORATIVE DDOS DEFENSE; DISTRIBUTED DDOS DEFENSE; FLOODING ATTACKS; INTRUSION DETECTION SYSTEMS; INTRUSION PREVENTION SYSTEMS;

HIERARCHICAL SYSTEMS; INTRUSION DETECTION;

FLOODS;

EID: 84888391622     PISSN: None     EISSN: 1553877X     Source Type: Journal    
DOI: 10.1109/SURV.2013.031413.00127     Document Type: Article

References (149)

1. P. J. Criscuolo, Distributed Denial of Service, Tribe Flood Network 2000, and Stacheldraht CIAC-2319, Department of Energy Computer Incident Advisory Capability (CIAC), UCRL-ID-136939, Rev. 1., Lawrence Livermore National Laboratory, February 14, 2000.
2. J. Mirkovic and P. Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communications Review, vol. 34, no. 2, pp. 39-53, April 2004.
3. S. Ranjan, R. Swaminathan, M. Uysal, and E. Knightly, DDoS-Resilient Scheduling to Counter Application Layer Attacks under Imperfect Detection, IEEE INFOCOM'06, 2006.
4. R. K. C. Chang, Defending against flooding-based distributed denial of service attacks: A tutorial, Computer J. IEEE Commun. Magazine, Vol. 40, no. 10, pp. 42-51, 2002. (Pubitemid 35311945)
5. R. Puri, Bots and Botnet-an overview, Aug. 08, 2003, [online] http://www.giac.org/practical/GSEC/Ramneek Puri GSEC.eps
6. B. Todd, Distributed Denial of Service Attacks, Feb. 18, 2000, [online] http://www.linuxsecurity.com/resource files/intrusion detection/ddos-whitepaper. html
7. CERT, Denial of Service Attacks, June 4, 2001, [online] http://www.cert.org/tech tips/denial of service.html
8. J. Liu, Y. Xiao, K. Ghaboosi, H. Deng, and J. Zhang, Botnet: Classification, Attacks, Detection, Tracing, and Preventive Measures, EURASIP J. Wireless Communications and Networking, vol. 2009, Article ID 692654, 11 pages, 2009.
9. Yahoo on Trail of Site Hackers, Wired.com, Feb. 8, 2000, [online] http://www.wired.com/news/business/0,1367,34221,00.html
10. Powerful Attack Cripples Internet, Oct. 23, 2002, [online] http://www.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg id=00A7G7
11. Mydoom lesson: Take proactive steps to prevent DDoS attacks, Feb. 6, 2004, [online] http://www.computerworld.com/s/article/89932/Mydoom lesson Take proactive steps to prevent DDoS attacks?taxonomyId=017
12. Lazy Hacker and Little Worm Set Off Cyberwar Frenzy, July 8, 2009, [online] http://www.wired.com/threatlevel/2009/07/mydoom/
13. New "cyber attacks" hit S Korea, July 9, 2009, [online] http://news.bbc.co.uk/2/hi/asia-pacific/8142282.stm
14. Operation Payback cripples MasterCard site in revenge for WikiLeaks ban, Dec. 8, 2010, [online] http://www.guardian.co.uk/media/2010/dec/08/operation- payback-mastercard-website-wikileaks
15. T. Kitten, DDoS: Lessons from Phase 2 Attacks, Jan. 14, 2013, [online] http://www.bankinfosecurity.com/ddos-attacks-lessons-from-phase-2-a-54 20/op-1
16. Forrester Consulting, The Trends And Changing Landscape Of DDoS Threats And Protection, A commissioned study conducted by Forrester Consulting on behalf of VeriSign, Inc., July 2009.
17. Worldwide Infrastructure Security Report: Volume VI, 2011 Report, Arbor Networks, Feb. 1st, 2011, [online] http://www.arbornetworks.com/report
18. Prolexic Technologies, [online] http://www.prolexic.com/index.php knowledge-center/frequently-asked-questions/index.html
19. X. Geng, Y. Huang, and A. B. Whinston, Defending wireless infrastructure against the challenge of DDoS attacks, Mobile Networks and Applications, vol. 7, no. 3, pp. 213-223, 2002. (Pubitemid 34414752)
20. A. D. Wood, and J. A. Stankovic, A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks, Handbook of Sensor Networks: Compact Wireless and Wired Sensing Systems, CRC Press, 2004 (invited chapter).
21. S. T. Zargar, M. B. H. Weiss, C. E. Caicedo, and J. B. D. Joshi, Security in Dynamic Spectrum Access Systems: A Survey, in Telecommunications Policy Research Conference, Arlington VA, 2009.
22. N. Fultz, and J. Grossklags, Blue versus Red: Towards a Model of Distributed Security Attacks, In Financial Cryptography and Data Security, Roger Dingledine and Philippe Golle (Eds.). Lecture Notes in Computer Science, vol. 5628, Springer-Verlag, pp. 167-183, 2009, Berlin, Heidelberg.
23. L. Greenemeier, Estonian Attacks Raise Concern Over Cyber "Nuclear Winter", Information Week, May 24, 2007, [online] http://www. informationweek.com/news showArticle.jhtml?articleID=199701774
24. [online] http://isc.sans.edu/diary.html?storyid=6622
25. [online] http://techcrunch.com/2010/11/28/wikileaks-ddos-attack/
26. [online] http://www.sbsun.com/ci 21392063/us-general-we-hacked-enemy- afghanistan
27. [online] http://www.gideonrasmussen.com/article-14.html
28. [online] http://online.wsj.com/article/SB123914805204099085.html
29. P. Liu, W. Zang, and M. Yu, Incentive-based modeling and inference of attacker intent, objectives, and strategies, ACM Trans. Inf. Syst. Secur. vol. 8, no. 1, pp. 78-118, February 2005. (Pubitemid 40479430)
30. N. Chantler, Profile of a Computer Hacker, Interpact Press, FL, 1997.
31. L. C. Chen, T. A. Longstaff, and K. M. Carley, Characterization of defense mechanisms against distributed denial of service attacks, Computers & Security, vol. 23, no. 8, pp. 665-678, December 2004.
32. T. Peng, C. Leckie, and K. Ramamohanarao, Survey of network-based defense mechanisms countering the DoS and DDoS problems, ACM Comput. Surv. 39, 1, Article 3, April 2007.
33. U. Tariq, M. Hong, and K. Lhee, A Comprehensive Categorization of DDoS Attack and DDoS Defense Techniques, ADMA LNAI 4093, pp. 1025-1036, 2006. (Pubitemid 44503248)
34. S. M. Specht, and R. B. Lee, Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures, in Proc. 17th International Conference on Parallel and Distributed Computing Systems, pp.543-550, 2004.
35. RioRey, Inc. 2009-2012, RioRey Taxonomy of DDoS Attacks, RioReyTaxonomy Rev 2.3 2012, 2012. [online] http://www.riorey.com/x-resources/2012/RioRey Taxonomy DDoS Attacks 2012.eps
36. C. Douligeris, and A. Mitrokotsa, DDoS attacks and defense mechanisms: classification and state-of-the-art, Computer Networks, Vol. 44, No. 5, pp. 643-666, April 2004.
37. S. Ranjan, R. Swaminathan, M. Uysal, A. Nucci, and E. Knightly, DDoS-Shield: DDoS-Resilient Scheduling to Counter Application Layer attacks, IEEE/ACM Trans. Netw., Vol. 17, No. 1, pp. 2639, February 2009.
38. Arbor Application Brief: The Growing Threat of Application-Layer DDoS Attacks, Arbor Networks, Feb. 28, 2011, [online] http://www.arbornetworks.com/ component/docman/doc download/467-the-growing-threat-of-application-layer-ddos- attacks?Itemid=442.
39. BreakingPoint Labs, Application-Layer DDoS Attacks Are Growing: Three to Watch Out For, Oct. 4, 2011, [online] http://www.breakingpointsystems.com/ resources/blog/application-layer-ddos-attacks-growing/
40. ha.ckers.org, Slowloris HTTP DoS, Retrieved Oct. 19, 2012, [online] http://ha.ckers.org/slowloris/
41. TrustWave SpiderLab, (Updated) ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks, Jul. 13, 2011, [online] http://blog. spiderlabs.com/2011/07/advanced-topic-of-the-week-mitigating-slow-http-dos- attacks.html
42. K. J. Higgins, Researchers To Demonstrate New Attack That Exploits HTTP, Nov. 01, 2010, [online] http://www.darkreading.com/vulnerability-management/ 167901026 /security/attacks-breaches/228000532/index.html
43. S. Shekyan, Are you ready for slow reading?, Jan. 5, 2012, [online] https://community.qualys.com/blogs/securitylabs/2012/01/05/slow-read
44. E. Alomari, S. Manickam, B. B. Gupta, S. Karuppayah, and R. Alfaris, Botnet-based Distributed Denial of Service (DDoS) Attacks on Web Servers: Classification and Art, International Journal of Computer Applications, Vol. 49, no. 7, pp. 24-32, Jul., 2012.
45. J. Lo et al., An IRC Tutorial, April, 2003, irchelp.com 1997, [online] http://www.irchelp.org/irchelp/irctutorial.html#part1.
46. B. Hancock, Trinity v3, a DDoS tool, hits the streets, Computers & Security, Vol. 19, no. 7, pp. 574-574, Nov., 2000.
47. Bysin, knight.c sourcecode, 2001, [online] http://packetstormsecurity. org/distributed/knight.c.
48. team-cymru Inc., A Taste of HTTP Botnets, July, 2008, [online] http://www.team-cymru.com/ReadingRoom/Whitepapers/2008/httpbotnets. eps
49. J. Nazario, BlackEnergy DDoS Bot Analysis, Arbor Networks, 2007, [online] http://atlas-public.ec2.arbor.net/docs/BlackEnergy+DDoS+Bot+ Analysis.eps
50. Praetox Technologies Low Orbit Ion Cannon, 2010, [online] https://github.com/NewEraCracker/LOIC/
51. E. Mills, DOJ, FBI, entertainment industry sites attacked after piracy arrests, 2012, [online] http://news.cnet.com/8301-27080 3-57362279-245/doj-fbi- entertainment-industry-sites-attacked-after-piracy-arrests.
52. C. Wilson , DDoS and Security Reports: The Arbor Networks Security Blog, Arbor Networks, 2011, [online] http://ddos.arbornetworks.com/2012/02/ddos-tools/ .
53. [online] http://infosecisland.com/blogview/12395-DDoS-Attack-Utilizes- Self-Destructing-Botnet.html
54. Cisco, IPS 7.0 Global Correlation, 2009, [online] http://www.cisco.com/ en/US/docs/security/ips/7.0/configuration /guide/ime/ime collaboration.html
55. P. Ferguson, and D. Senie, Network Ingress Filtering: Defeating Denial of Service Attacks that employ IP source address spoofing, Internet RFC 2827, 2000.
56. S. Kent, and R. Atkinson, Security Architecture for the Internet Protocol, IETF, RFC 2401, November 1998.
57. S. Kent, and R. Atkinson, IP Authentication Header, IETF, RFC 2402, November 1998.
58. J. Mirkovic, G. Prier, and P. Reiher, Attacking DDoS at the Source, in Proc. 10th IEEE International Conference on Network Protocols (ICNP '02), Washington DC, USA, 2002.
59. J. Mirkovic, G. Prier, and P. Reihe, Source-End DDoS Defense, in Proc. 2nd IEEE International Symposium on Network Computing and Applications, April 2003.
60. T. M. Gil, and M. Poleto, MULTOPS: a data-structure for bandwidth attack detection, in Proc. 10th Usenix Security Symposium, Washington, DC, pp. 2338, August 13-17, 2001.
61. S. Abdelsayed, D. Glimsholt, C. Leckie, S. Ryan, and S. Shami, An efficient filter for denial-of-service bandwidth attacks, in Proc. 46th IEEE Global Telecommunications Conference (GLOBECOM'03), pp. 13531357, 2003.
62. Mananet, Reverse Firewall, [online] http://www.cs3-inc.com/pubs/Reverse FireWall.eps
63. A. John, and T. Sivakumar, DDoS: Survey of Traceback Methods, International Journal of Recent Trends in Engineering ACEEE (Association of Computer Electronics & Electrical Engineers), vol. 1, no. 2, May 2009.
64. R. Chen, J. M. Park, and R. Marchany, RIM: Router interface marking for IP traceback, in IEEE Global Telecommunications Conference (GLOBECOM'06), 2006.
65. B. Al-Duwairi, and G. Manimaran, Novel Hybrid Schemes Employing Packet Marking and Logging for IP Traceback, IEEE Trans. Parallel Distrib. Syst., vol. 17, no. 5, pp. 403-418, May 2006.
66. S. Savage, D. Wetherall, A. Karlin, and T. Anderson, Practical Network Support for IP Traceback, Technical report, Department of Computer Science and Engineering, University of Washington, 2000.
67. H. Burch, and B. Cheswick, Tracing anonymous packets to their approximate source, in Proc. USENIX Large Installation Systems Administration Conference, pages 319-327, New Orleans, USA, Decemeber 2000.
68. J. Glave, Smurfing cripples ISPs, in Wired TechnologyNews, 1998, [online] http://www.wired.com/news /news/technology/story/9506.html
69. Y. C. Wu, H. R. Tseng, W. Yang, and R. H. Jan, DDoS detection and traceback with decision tree and grey relational analysis, Int. J. Ad Hoc Ubiquitous Comput., vol. 7, no. 2, pp. 121-136, 2011.
70. B. Joao, D. Cabrera, and et al., Proactive Detection of Distributed Denial of Service Attacks Using MIB Traffic Variables - A Feasibility Study, Integrated Network Management Proceedings, pp. 609-622, 2001.
71. R. Jalili, F. ImaniMehr, Detection of Distributed Denial of Service Attacks Using Statistical Pre-Prossesor and Unsupervised Neural Network, ISPEC, Springer-Verlag Berlin Heidelberg, pp.192-203, 2005.
72. M. Li, J. Liu, and D. Long, Probability Principle of Reliable Approach to detect signs of DDOS Flood Attacks, PDCAT, Springer-Verlag Berlin Heidelberg, pp.596-599, 2004.
73. T. Peng, C. Leckie, and K. Ramamohanarao, Protection from distributed denial of service attacks using history-based IP filtering, ICC '03. May , Vol.1, pp: 482-486, 2003.
74. H. Wang, C. Jin, and K. G. Shin, Defense Against Spoofed IP Traffic Using Hop-Count Filtering, IEEE/ACM Trans. Netw., vol. 15, no. 1, pp.40-53, February 2007. (Pubitemid 46464416)
75. M. Abliz, Internet Denial of Service Attacks and Defense Mechanisms, University of Pittsburgh, Department of Computer Science, Technical Report. TR-11-178, March 2011.
76. A. Yaar, A. Perrig, and D. Song, Pi: A Path Identification Mechanism to Defend against DDoS Attacks, in IEEE Symposium on Security and Privacy, pp. 93, 2003.
77. Y. Kim, W. C. Lau, M. C. Chuah, and H. J. Chao, PacketScore: A Statistics-Based Packet Filtering Scheme against Distributed Denial-of-Service Attacks, IEEE Trans. Dependable Secure Computing, vol. 3, no. 2, pp. 141-155, 2006.
78. E. Y. K. Chan et al., Intrusion Detection Routers: Design, Implementation and Evaluation Using an Experimental Testbed, IEEE J. Sel. Areas Commun., vol. 24, no. 10, pp. 1889-1900, 2006.
79. K. Park, and H. Lee, On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack, in Proc. IEEE INFOCOM 2001, pp. 338347.
80. K. Park, and H. Lee, On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets, in Proc. ACM SIGCOMM, August 2001.
81. A. T. Mizrak, S. Savage, and K. Marzullo, Detecting compromised routers via packet forwarding behavior, IEEE Network, pp.34-39, 2008. (Pubitemid 351514029)
82. K. A. Bradley, S. Cheung, N. Puketza, B. Mukherjee, and R. A. Olsson, Detecting Disruptive Routers: A Distributed Network Monitoring Approach, in Proc. 1998 IEEE Symposium on Security and Privacy, May 1998.
83. J. R. Hughes, T. Aura, and M. Bishop, Using Conservation of Flow as a Security Mechanism in Network Protocols, in Proc. 2000 IEEE Symposium on Security and Privacy, May 2000.
84. J. M. Gonzalez, M. Anwar, and J. B. D. Joshi, A trust-based approach against IP-spoofing attacks, in Proc. IEEE PST, pp. 63-70, 2011.
85. P. Zhou, X. Luo, A. Chen, and R. K. C. Chang, STor: Social Network based Anonymous Communication in Tor, in The Computing Research Repository (CoRR), 2011.
86. S. T. Zargar, and J. B. D. Joshi, A Collaborative Approach to Facilitate Intrusion Detection and Response against DDoS Attacks, the 6th Int'l Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010), Chicago, IL, October 9-12, 2010.
87. M. R. Sharma, and J. W. Byers, Scalable Coordination Techniques for Distributed Network Monitoring, in Proc. PAM, pp. 349-352, 2005. (Pubitemid 41252763)
88. B. Claise, Cisco Systems NetFlow Services Export Version 9, RFC 3954, 2004.
89. R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, Controlling high bandwidth aggregates in the network, presented at Computer Communication Review, pp.62-73, 2002.
90. D. Yau, J. C. S. Lui, and F. Liang, Defending against distributed denial of service attacks using max-min fair server centric router throttles, IEEE international conference on Quality of Service. 2002.
91. R. Chen, and J. M. Park, Attack Diagnosis: Throttling distributed denial-of-service attacks close to the attack sources, IEEE Int'l Conference on Computer Communications and Networks (ICCCN'05), Oct. 2005.
92. R. Chen, J. M. Park, and R. Marchany, TRACK: A novel approach for defending against distributed denial-of-service attacks, Technical Report TR-ECE-06-02, Dept. of Electrical and Computer Engineering, Virginia Tech, Feb. 2006.
93. J. Mirkovic, P. Reiher, and M. Robinson, Forming Alliance for DDoS Defense, in Proc. New Security Paradigms Workshop, Centro Stefano Francini, Ascona, Switzerland, 2003.
94. C. Papadopoulos, R. Lindell, J. Mehringer, A. Hussain, and R. Govindan, Cossack: Coordinated Suppression of Simultaneous Attacks, in Proc. DARPA Information Survivability Conference and Exposition, Vol. 1, pp. 2 13, Apr. 2003.
95. T. Anderson, T. Roscoe, and D. Wetherall, Preventing Internet denial-of-service with capabilities, SIGCOMM Comput. Commun. Rev., vol. 34, no. 1, pp. 39-44, 2004.
96. B. Parno et al., Portcullis: protecting connection setup from denial-of-capability attacks, SIGCOMM Comput. Commun. Rev., vol. 37, no. 4, pp. 289-300, 2007. (Pubitemid 350239792)
97. X. Yang, D. Wetherall, and T. Anderson, TVA: a DoS-limiting network architecture, IEEE/ACM Trans. Netw., vol. 16, no. 6, pp. 1267-1280, 2008.
98. X. Yang, D. Wetherall, and T. Anderson, A DoS-limiting Architecture, in ACM SIGCOMM, Philadelphia, PA, USA, August 2005.
99. A. Yaar, A. Perrig, and D. Song, SIFF: a Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks, in Proc. 2004 IEEE Symposium on Security and Privacy, pp. 130-143, May 2004.
100. X. Liu, A. Li, X. Yang, and D. Wetherall, Passport: secure and adoptable source authentication, in Proc. 5th USENIX Symposium on Networked Systems Design and Implementation (NSDI'08), San Francisco, CA, USA, pp. 365-378, 2008.
101. X. Liu, X. Yang, and Y. Lu, To filter or to authorize: network-layer DoS defense against multimillion-node botnets, in Proc. ACM SIGCOMM conference on Data communication (SIGCOMM '08), NY, USA, pp. 195-206, 2008.
102. X. Yang, A DoS Limiting Network Architecture, [online] http://www.cs.duke.edu/nds/ddos/
103. K. Argyraki, and D. R. Cheriton, Scalable network-layer defense against internet bandwidth-flooding attacks, in IEEE/ACM Trans. Netw., 17(4), pp. 1284-1297, August 2009.
104. F. Huici, Deployable Filtering Architectures Against Large Denial-of-Service Attacks, Ph.D. dissertation, Department of Computer Science, University College London, December, 2009.
105. X. Liu, X. Yang, and Y. Lu, StopIt: Mitigating DoS Flooding Attacks from Multi-Million Botnets, Technical Report 08-05, http://www.cs.duke.edu/xinl/ stopit-tr.eps
106. G. Kambourakis, T. Moschos, D. Geneiatakis, and S. Gritzalis, Detecting DNS Amplification Attacks, in Critical Information Infrastructures Security Lecture Notes in Computer Science, Vol. 5141, pp. 185-196, 2008.
107. IPTraf tool, An IP Network Monitor, [online] http://iptraf.seul.org/
108. A. Rahul, S. K. Prashanth, B. S. kumarand , and G. Arun, Detection of Intruders and Flooding In Voip Using IDS, Jacobson Fast And Hellinger Distance Algorithms, IOSR Journal of Computer Engineering (IOSRJCE), Vol. 2, no. 2, pp. 30-36, July-Aug. 2012.
109. S. Ranjan, R. Swaminathan, M. Uysal, A. Nucci, and E. Knightly, DDoS-shield: DDoS-resilient scheduling to counter application layer attacks, IEEE/ACM Trans. Netw., Vol. 17, no. 1, pp. 26-39, February 2009.
110. Y. Xie, and S. Z. Yu, A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors, IEEE/ACM Trans. Netw. (TON), Vol. 17, no. 1, pp. 54-65, February 2009.
111. H. I. Liu, and K. C. Chang, Defending systems Against Tilt DDoS attacks, Telecommunication Systems, Services, and Applications (TSSA), pp. 22-27, October 20-21, 2011.
112. M. Walfish, M. Vutukuru, H. Balakrishnan, D. Karger, and S. Shenker, DDoS defense by offense, SIGCOMM Computer Communications Review, Vol. 36, no. 4, pp. 303-314, August 2006. (Pubitemid 44623736)
113. J. Yu, Z. Li, H. Chen, and X. Chen, A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks, the third International Conference on Networking and Services (ICNS'07), pp. 54, June 19-25, 2007.
114. S. Kandula, D. Katabi, M. Jacob, and A. W. BergerBotz-4-sale: Surviving organized ddos attacks that mimic flash crowds, in Proc. Symposium on Networked Systems Design and Implementation (NSDI), Boston, May 2005.
115. G. Oikonomou, and J. Mirkovic, Modeling human behavior for defense against flash-crowd attacks, in Proc. 2009 IEEE international conference on Communications (ICC'09), pp. 625-630, 2009.
116. L. V. Ahn, M. Blum, N. J. Hopper, and J. Langford, CAPTCHA: using hard AI problems for security, in Proc. 22nd international conference on Theory and applications of cryptographic techniques (EUROCRYPT'03), Eli Biham (Ed.). Springer-Verlag, Berlin, Heidelberg, 294-311. 2003.
117. M. Srivatsa, A. Iyengar, J. Yin, and L. Liu, Mitigating application-level denial of service attacks on Web servers: A client-transparent approach, ACM Trans. Web (TWEB), Vol. 2, no. 3, July 2008.
118. J. Yu, C. Fang, L. Lu, and Z. Li, A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks, in Proc. Infoscale 2009, LNICST 18, pp. 175191, 2009.
119. S. R. Devi, and P. Yogesh, A hybrid approach to counter application layer DDoS attacks, International J. Cryptography and Information Security(IJCIS), Vol. 2, no.2, June 2012.
120. X. Geng, and A. B. Whinston, Defeating Distributed Denial of Service attacks, IEEE IT Professional, 2(4), pp. 36-42, 2002.
121. Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks, Retrieved Oct. 19, 2012, [online] http://www.cisco.com/en/US/tech/tk59/ technologies/white paper09186a 0080174a5b.shtml
122. A. D. Keromytis, V. Misra, and D. Rubenstein, SOS: Secure Overlay Services, in Proc. SIGCOMM'02, 2002.
123. D. G. Andersen, V. Misra, and D. Rubenstein, Mayday: Distributed filtering for internet services, in Proc. USENIX'03, 2003.
124. J. Yan, S. Early, and R. Anderson, The XenoService-A Distributed Defeat for Distributed Denial of Service, in Proc. ISW 2000, October 2000.
125. ICANN Report, DNS Distributed Denial of Service (DDoS) Attacks, Security and Stability Advisory Committee (SSAC), March 2006.
126. Y. Huang, and J. M. Pullen, Countering Denial of Service attacks using congestion triggered packet sampling and filtering, in Proc. 10th International Conference on Computer Communiations and Networks, 2001.
127. T. Peng, C. Leckie, and K. Ramamohanarao, Detecting distributed denial of service attacks using source ip address monitoring, 2003, [Online] http://www.cs.mu.oz.au/tpeng/mudguard/research/detection.eps
128. A. Dainotti, A. Pescape, and G. Ventre, Wavelet-based detection of dos attacks, in IEEE Global Telecommunications Conference, GLOBECOM, 2006.
129. M. Kim, H. Kang, S. Hong, S. Chung, and J. W. Hong, A flow-based method for abnormal network traffic detection, in Network Operations and Management Symposium, vol. 1, pp. 599-612, April 2004.
130. R. M. Mutebi, and I. A. Rai, An Integrated Victim-based Approach against IP Packet Flooding Denial of Service, International J. Computing and ICT Research, Special Issue Vol. 4, No. 1, pp. 70-80, October 2010.
131. V. A. Siris, and F. Papaglou, Application of anomaly detection algorithms for detecting syn flooding attacks, in Proc. IEEE GLOBECOM, 2004.
132. J. Mls, Mitigating denial of service attacks: A tutorial, J. Computer Security, Vol. 13, No. 6, pp. 807-837, 2005.
133. S. V. Stehman, "Selecting and interpreting measures of thematic classification accuracy". Remote Sensing of Environment, Vol. 62, No. 1, pp. 77-89, 1997. (Pubitemid 28052020)
134. R. P. Majuca, W. Yurcik, and J. P. Kesan, The evolution of cyberinsurance, Information Systems Frontier, 2005.
135. A New Era In Information Security and Cyber Liability Risk Management: A Survey on Enterprise-wide Cyber Risk Management Practices, Sponsored by Zurich Financial Services Group and administered by New York-based Advisen Ltd, October 2011, [online] http://corner.advisen.com/pdf files/cyberliability riskmanagement.eps
136. J. Kesan, R. Majuca, and W. Yurcik, Cyberinsurance as a market-based solution to the problem of cybersecurity:a case study, SIFT Information Security Services, 2006.
137. C. Lai, G. Medvinsky, and C. Neuman, Endorsments, licensing, and insurance for distributed systems services, in Proc. 2nd ACM Conf. Computer and Comm. Security (CCS), Fairfax, VA, November 1994.
138. W. S. Baer, and A. Parkinson, Cyberinsurance in IT Security Management, IEEE Security & Privacy, Vol. 5, No. 3, pp. 50-56, May-June 2007. (Pubitemid 46883434)
139. T. Bosco, The Economic Viability of Cyber Insurance: Seeking Financial Certainty in IT Security, in Proc. WEIS'05, Harvard, MA, June 2005.
140. V. J. Gurbani, and A. R. McGee, An early application of the Bell Labs Security framework to analyze vulnerabilities in the Internet telephony domain, Bell Labs Technical Journal-Information Technology/Network Security, Vol. 12, No. 3, pp. 7-19, September 2007. (Pubitemid 350189033)
141. Security architecture for systems providing end-to-end communications, ITU X.805 standard, International Telecommunication Union, 2003, [online] http://www.itu.int/rec/T-REC-X.805-200310-I/en
142. Information technology-Security techniques-Code of practice for information security management, ISO 27002 standard, International Organization for Standardization, [online] http://www.iso.org/iso/catalogue detail?csnumber=50297
143. IntruGuard: DDoS Mitigation Solution, Juniper networks and IntruGuard, November 2007, [online] http://www.intruguard.com/documents/351267.eps
144. DDoS Survey: Q1 2012 When Businesses Go Dark, Neustar Insights: DDoS Survey Q1 2012, [online] http://hello.neustar.biz/rs/neustarinc/images/neustar- insights-ddos-attack-survey-q1-2012.eps
145. Service Provider Infrastructure Security Techniques, Service Provider Security, Cisco systems, [online] http://www.cisco.com/web/about/security/ intelligence/sp infrastruct scty.html
146. S. T. Zargar, H. Takabi, and J. B. D. Joshi, DCDIDP: A Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention Framework for Cloud Computing Environments, the 7th Intl Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2011), October 15-18, 2011, Orlando, FL.
147. J. Carter, The Internet of Things: how it'll revolutionise your devices, techradar, July 2012, [online] http://www.techradar.com/news/internet/the- internet-of-things-how-itll-revolutionise-your-devices-958669
148. D. Evans, The Internet of Things [INFOGRAPHIC], Cisco Blog, July 2011, [online] http://blogs.cisco.com/news/the-internet-of-things-infographic/
149. M. Chui, M. Lffler, and R. Roberts, The Internet of Things, McKinsey Quarterly, March 2010, [online] http://www.mckinseyquarterly.com/The Internet of Things 2538