Mitigation and traceback countermeasures for DDoS [ie DoS] attacks

CHAPTER 1. DENIAL OF SERVICE ATTACKS
  1.1 The Increasing Threat of DoS Attacks
  1.2 Roots of the DoS Problem
  1.3 Classification of DoS Attacks
    1.3.1 Attribute-based Characterization of DoS Attacks
    1.3.2 Means-based Classification of DoS Attacks
    1.3.3 Impact-based Classification of DoS Attacks
  1.4 Research Challenges in Countering DoS Attacks
  1.5 Dissertation Organization

CHAPTER 2. STATE OF THE ART IN DoS COUNTERMEASURES
  2.1 DoS Prevention Schemes
    2.1.1 Source-based DoS Prevention Schemes
    2.1.2 Network-based DoS Prevention Schemes
    2.1.3 Victim-based DoS Prevention Schemes
  2.2 DoS Mitigation Schemes
    2.2.1 Rate Limiting-based DoS Mitigation Schemes
