A Taxonomy of DDoS Attack and DDoS Defense Mechanisms

A Taxonomy of DDoS Attack and DDoS Defense Mechanisms (2004)

Cached

Download Links

Other Repositories/Bibliography

DBLP

by Jelena Mirkovic , Peter Reiher

Venue:	ACM SIGCOMM Computer Communication Review
Citations:	162 - 2 self

BibTeX

@ARTICLE{Mirkovic04ataxonomy,
    author = {Jelena Mirkovic and Peter Reiher},
    title = {A Taxonomy of DDoS Attack and DDoS Defense Mechanisms},
    journal = {ACM SIGCOMM Computer Communication Review},
    year = {2004},
    volume = {34},
    pages = {39--53}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria was selected to highlight commonalities and important features of attack strategies, that define challenges and dictate the design of countermeasures. The defense taxonomy classifies the body of existing DDoS defenses based on their design decisions; it then shows how these decisions dictate the advantages and deficiencies of proposed solutions.

Citations

854	Resilient overlay networks - Andersen, Balakrishnan, et al. - 2001
634	Managing the Commons - Hardin - 1998
462	Network support for IP traceback - Savage, Wetherall, et al. - 2001
438	Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ - Ferguson, Senie - 2000
255	Inferring Internet denial-ofservice activity,” presented at the Usenix Security Symp - Moore, Voelker, et al. - 2001
235	Implementing pushback: router-based defense against DDoS Attacks, in - Ioannidis, Bellovin - 2002
208	Controlling high bandwidth aggregates in the network. http://www.aciri.org/pushback - Mahajan, Bellovin, et al. - 2001
208	Advanced and authenticated Marking Schemes for IP Traceback - Song, Perrig - 2001
197	On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets - Park, Lee
185	A signal analysis of network traffic anomalies - Barford, Kline, et al. - 2002
180	SoS: secure overlay services, in - Keromytis, Misra, et al. - 2002
176	CenterTrack: An IP Overlay Network for Tracking DoS - Stone - 2000
170	Throttling viruses: Restricting propagation to defeat malicious mobile code - Williamson - 2002
165	An algebraic approach to IP traceback - Dean, Franklin, et al. - 2002
140	Practical Automated Detection of Stealthy Portscans - Staniford, Hoagland, et al. - 2002
135	A Framework for Classifying Denial of Service Attacks - Hussain, Heidemann, et al. - 2003
135	Client puzzles: a cryptographic countermeasure against connection depletion attacks, in - Juels, Brainard - 1999
133	Hash-based IP traceback - Snoeren, Partridge, et al. - 2001
128	Intrusion detection systems: A survey and taxonomy - Axelsson - 2000
128	An analysis of using reflectors for Distributed Denial of Service attacks - Paxson - 2001
114	DoS-resistant authentication with client puzzles - Aura, Nikander, et al. - 2000
105	Attacking DDoS at the source - Mirkovic, Prier, et al. - 2002
100	An Analysis of Security Incidents on the Internet - Howard - 1998
99	Mayday: distributed filtering for Internet services - Andersen - 2003
99	Analysis of a denial of service attack on TCP - Schuba, Krsul, et al. - 1997
97	Defending against denial of service attacks in scout - Spatscheck, Peterson - 1999
95	MULTOPS: a data-structure for bandwidth attack detection - Gil, Poleto - 2001
92	Internet Intrusions: Global Characteristics and Prevalence - Yegneswaran, Barford, et al. - 2003
90	ICMP traceback messages - BELLOVIN, LEECH, et al. - 2001
89	Preventing Internet Denial-of-Service with Capabilities - Anderson, Roscoe, et al. - 2004
83	A formal framework and evaluation method for network Denial of Service, in - Meadows - 1999
78	Towards a taxonomy of intrusion-detection systems - Debar, Dacier, et al. - 1999
56	The Open Source Network Intrusion Detection System. http://www.snort.org - Snort
51	SAVE: Source address validity enforcement protocol,IEEEComputer and - Li, Mirkovic, et al. - 2002
42	Protecting web servers from Distributed Denial of Service attacks - Kargl, Maier, et al.
36	Transport and Application Protocol Scrubbing - Malan, Watson, et al. - 2000
35	Syn cookies. http://cr.yp.to/syncookies.html - Bernstein - 1996
35	The DoS project's ‘Trinoo’ distributed denial of service attack tool,” Oct. 1999; “The ‘Stacheldraht’ distributed denial of service attack tool - Dittrich - 1999
32	The Tribe Flood Network Distributed Denial of Service attack tool - Dittrich - 1999
28	Distributed Denial of Service Attacks - Lau, Rubin, et al. - 2000
26	Towards network denial of service resistant protocols - Leiwo, Nikander, et al. - 2000
26	The XenoService - A Distributed Defeat for Distributed Denial of Service - Yan, Early, et al.
23	A common language for computer security incidents - Howard, Longstaff - 1998
22	Mitigation of DoS attacks through QoS Regulation - Garg, Reddy
21	EROS: a principle-driven operating system from the ground up - Shapiro, Hardy - 2002
19	D-WARD: Source-End Defense Against Distributed Denial-of-service Attacks - Mirkovic - 2003
18	Cyber punk - outlaws and hackers on the computer frontier - Hafner, Markoff - 1995
15	The ‘Mstream’ distributed denial of service attack tool, http://staff.washington.edu/dittrich/misc/mstream.analysis.txt - Dittrich
13	A method to implement a Denial of Service protection base - Zheng, Leiwo - 1997
13	Trends in Denial of Service Attack - Center - 2001