A Framework for a Collaborative DDoS Defense

Oikonomou, George; Mirković, Jelena; Reiher, Peter; Robinson, M.

doi:10.1109/acsac.2006.5

Cited by 68 publications

(67 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Internet Indirection Infrastructure (i3) [9] also uses the Chord overlay to protect applications from direct DoS attacks. Other DoS limiting overlay network architectures have been explored in, e.g., [15,23]. Most of the approaches above use traffic analysis or indirection approaches to make DoS attacks hard, but none of these would be able to survive the attackers considered in this paper since they essentially rely on the ability to protect servers from direct hits of adversarial traffic.…”

Section: Related Workmentioning

confidence: 99%

A Denial-of-Service Resistant DHT

Awerbuch¹,

Scheideler²

2007

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We consider the problem of designing scalable and robust information systems based on multiple servers that can survive even massive denial-of-service (DoS) attacks. More precisely, we are focusing on designing a scalable distributed hash table (DHT) that is robust against so-called past insider attacks. In a past insider attack, an adversary knows everything about the system up to some time point t 0 not known to the system. After t0, the adversary can attack the system with a massive DoS attack in which it can block a constant fraction of the servers of its choice. Yet, the system should be able to survive such an attack in a sense that for any set of lookup requests, one per non-blocked (i.e., non-DoS attacked) server, every lookup request to a data item that was last updated after t0 can be served by the system, and processing all the requests just needs polylogarithmic time and work at every server. We show that such a system can be designed.

show abstract

Section: Related Workmentioning

confidence: 99%

A Denial-of-Service Resistant DHT

Awerbuch¹,

Scheideler²

2007

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Oikonomou et al developed the overlay concept of defense mechanism, proposing DefCOM [35]. The authors present a defense system that is both collaborative and deployed widely by combining the advantages of end-to-end approaches, core defenses, and heterogeneous network systems.…”

Section: Network Based Defense Mechanismsmentioning

confidence: 99%

“…To defend against these botnet attacks, two kinds of defense mechanism have been proposed according to the areas that they protect: the network-based and the application-based defense mechanism. The former approach consists mainly of three technical methods: congestion control [33] [34], network configuration [22] [35], and signature filters [16] [18] [36]. On the other hand, the types of application-based defense mechanisms are much more numerous: client-puzzle [37], IRC-based [23], anomaly-based [10] [27], DNS tracking [25], and attack traffic suppression [24].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Hybrid Defense Technique for ISP Against the Distributed Denial of Service Attacks

Moon

Choi

Kim

et al. 2014

Appl. Math. Inf. Sci.

View full text Add to dashboard Cite

Abstract:As malicious traffic from botnets now threatens the network infrastructure of Internet Service Providers (ISPs), the importance of controlling botnets is greater than ever before. However, it is not easy to handle rapidly evolving botnets efficiently because of the highly evolved detection avoidance techniques used by botnet makers. Further, nowadays, Distributed Denial of Service (DDoS) attacks can compromise not only specific target sites but also the entire network infrastructure, as high-bandwidth Internet services are now being provided. Thus, ISPs are deploying their own defense systems to prevent DDoS attacks and protect their network infrastructure. However, the new problem ISPs confront is that botnet masters also try to destroy their defense systems to make their attack successful. ISPs can mitigate DDoS through botnet-specific management by taking preemptive measures, such as the proactive reverse engineering of suspicious code and the use of honeypots. This paper illustrates an advanced DDoS defense technique for the use of ISPs with a real case study of the technique's implementation. This technique was proven very effective method for controlling botnets, and we could confirm this effectiveness in a real ISP environment.

show abstract

“…The dynamic decisions of the recursive traversal of the translation table graph, as well as the persistent state, help DRUID to be more adaptive and context dependent, so that various protections and compensation can be added as needed, delaying the cost of expensive mechanisms until they are of real benefit. For example, certain types of DDoS protection [37,41] require adding marks to packets and checking for those marks at various points in the network. DRUID's ability to add and remove blocks dynamically would permit inserting and removing the necessary blocks at the appropriate locations only when DDoS defense was actually required, rather than at all times.…”

Section: Issues and Challengesmentioning

confidence: 99%

A Dynamic Recursive Unified Internet Design (DRUID)

Touch¹,

Baldin

Dutta

et al. 2011

Computer Networks

Self Cite

View full text Add to dashboard Cite

a b s t r a c tThe Dynamic Recursive Unified Internet Design (DRUID) is a future Internet design that unifies overlay networks with conventional layered network architectures. DRUID is based on the fundamental concept of recursion, enabling a simple and direct network architecture that unifies the data, control, management, and security aspects of the current Internet, leading to a more trustworthy network. DRUID's architecture is based on a single recursive block that can adapt to support a variety of communication functions, including parameterized mechanisms for hard/soft state, flow and congestion control, sequence control, fragmentation and reassembly, compression, encryption, and error recovery. This recursion is guided by the structure of a graph of translation tables that help compartmentalize the scope of various functions and identifier spaces, while relating these spaces for resource discovery, resolution, and routing. The graph also organizes persistent state that coordinates behavior between individual data events (e.g., coordinating packets as a connection), among different associations (e.g., between connections), as well as helping optimize the recursive discovery process through caching, and supporting prefetching and distributed pre-coordination. This paper describes the DRUID architecture composed of these three parts (recursive block, translation tables, persistent state), and highlights its goals and benefits, including unifying the data, control, management, and security planes currently considered orthogonal aspects of network architecture.

show abstract

A Framework for a Collaborative DDoS Defense

Cited by 68 publications

References 16 publications

A Denial-of-Service Resistant DHT

A Denial-of-Service Resistant DHT

A Hybrid Defense Technique for ISP Against the Distributed Denial of Service Attacks

A Dynamic Recursive Unified Internet Design (DRUID)

Contact Info

Product

Resources

About