Phalanx: Withstanding multimillion-node botnets

5th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2008

Volumn , Issue , 2008, Pages 45-58

  Dixon, Colin ^a   Anderson, Thomas ^a   Krishnamurthy, Arvind ^a  

^a UNIVERSITY OF WASHINGTON   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BOTNET; NETWORK SECURITY; SYSTEMS ANALYSIS;

ACCESS LINKS; DISTRIBUTED DENIAL OF SERVICE; DYNAMIC ROUTES; INTERNET MODELING; INTERNET TOPOLOGIES; LOW-BANDWIDTH; PLANETLAB; RANDOM SEQUENCE;

DENIAL-OF-SERVICE ATTACK;

EID: 85094665335     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (40)

1. Akamai technologies. http://www.akamai.com/.
2. Microsoft's unabated patch flow. http://www.avertlabs.com/research/blog/index.php/category/ security-bulletins/, May 9 2007.
3. 'Surge' in hijacked PC networks. http://news.bbc.co.uk/2/hi/technology/6465833.stm, March 2007.
4. D. Adkins, K. Lakshminarayanan, A. Perrig, and I. Stoica. Towards a more functional and secure network infrastructure. Technical report, UC Berkeley, 2003.
5. D. G. Andersen. Mayday: Distributed filtering for internet services. In USITS, 2003.
6. N. Anderson. Vint Cerf: one quarter of all computers part of a botnet. http://arstechnica.com/news.ars/post/20070125-8707.html, January 25 2007.
7. T. Anderson, T. Roscoe, and D. Wetherall. Preventing internet denial-of-service with capabilities. In HotNets-II, 2003.
8. K. Argyraki and D. Cheriton. Network capabilities: The good, the bad and the ugly. In HotNets-IV, 2005.
9. K. Argyraki and D. R. Cheriton. Real-time response to denial-of-service attacks. In USENIX, 2005.
10. H. Ballani, Y. Chawathe, S. Ratnasamy, T. Roscoe, and S. Shenker. Off by default! In HotNets-IV, 2005.
11. D. J. Bernstein. SYN cookies. http://cr.yp.to/syncookies.html, 1996.
12. B. H. Bloom. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7):422-426, 1970.
13. M. Casado, P. Cao, A. Akella, and N. Provos. Flow-cookies: Using bandwidth amplification to defend against DDoS flooding attacks. In IWQoS, 2006.
14. R. Cox, A. Muthitacharoen, and R. Morris. Serving DNS using a peer-to-peer lookup service. In IPTPS, 2002.
15. J. R. Douceur. The sybil attack. In IPTPS, 2001.
16. P. Finn. Cyber assaults on Estonia typify a new battle tactic. http://www.washingtonpost.com/wp-dyn/content/article/2007/05/18/AR2007051802122. html, May 19 2007.
17. J. Franklin, V. Paxson, A. Perrig, and S. Savage. An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants. In CCS, 2007.
18. T. Isdal, M. Piatek, A. Krishnamurthy, and T. Anderson. Leveraging bittorrent for end host measurements. In PAM, 2007.
19. A. D. Keromytis, V. Misra, and D. Rubenstein. SOS: Secure overlay services. In SIGCOMM, 2002.
20. B. Krebs. Blue security kicked while it's down. http://blog.washingtonpost.com/securityfix/2006/05/blue security surrenders but s.html, May 2006.
21. A. Kuzmanovic and E. Knightly. Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants. In SIGCOMM, 2003.
22. H. V. Madhyastha, T. Isdal, M. Piatek, C. Dixon, T. Anderson, A. Krishnamurthy, and A. Venkataramani. iPlane: An information plane for distributed services. In OSDI, 2006.
23. R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker. Controlling high bandwidth aggregates in the network. CCR, 2002.
24. A. Mahimkar, J. Dange, V. Shmatikov, H. Vin, and Y. Zhang. dFence: Transparent Network-based Denial of Service Mitigation. In NSDI, 2007.
25. A. McCue. Bookie reveals $100,000 cost of denial-of-service extortion attacks. http://software.silicon.com/security/0,39024655,39121278,00.htm, June 11 2004.
26. B. Parno, D. Wendlant, E. Shi, A. Perrig, B. Maggs, and Y.-C. Hu. Portcullis: Protecting connection setup from Denial-of-Capbility attacks. In SIGCOMM, 2007.
27. B. Raghavan and A. Snoeren. Decongestion Control. In Hotnets-V, 2005.
28. V. Ramasubramanian and E. G. Sirer. The design and implementation of a next generation name service for the internet. In SIGCOMM, 2004.
29. R. Rivest. The MD5 Message-Digest Algorithm. RFC 1321 (Informational), Apr. 1992.
30. E. Shi, I. Stoica, D. Andersen, and A. Perrig. OverDoSe: A generic DDoS protection service using an overlay network. Technical report, Carnegie Mellon University, 2006.
31. E. Skoudis. Big honkin' botnet - 1.5 million! http://isc.sans.org/diary.html?storyid=778, October 2005.
32. S. Staniford, V. Paxson, and N. Weaver. How to 0wn the internet in your spare time. In USENIX Security, 2002.
33. A. Stavrou and A. D. Keromytis. Countering DoS attacks with stateless multipath overlays. In CCS, 2005.
34. I. Stoica, D. Adkins, S. Zhuang, S. Shenker, and S. Surana. Internet indirection infrastructure. In SIGCOMM, 2002.
35. R. Stone. CenterTrack: An IP Overlay Network for Tracking DoS Floods. In USENIX Security, 2000.
36. M. Theimer and M. B. Jones. Overlook: Scalable name service on an overlay network. In ICDCS, 2002.
37. M. Walfish, M. Vutukuru, H. Balakrishnan, D. Karger, and S. Shenker. DDoS defense by offense. In SIGCOMM, 2006.
38. D. Wendlant, D. G. Andersen, and A. Perrig. Bypassing network flooding attacks using fastpass. Technical report, Carnegie Mellon University.
39. A. Yaar, A. Perrig, and D. Song. SIFF: A stateless internet flow filter to mitigate DDoS flooding attacks. In IEEE Symposium on Security and Privacy, 2004.
40. X. Yang, D. Wetherall, and T. Anderson. A DoS-limiting network architecture. In SIGCOMM, 2005.