TY - GEN
T1 - Mitigating DoS attack through selective bin verification
AU - Sherr, Micah
AU - Greenwald, Michael
AU - Gunter, Carl A.
AU - Khanna, Sanjeev
AU - Venkatesh, Santosh S.
PY - 2005
Y1 - 2005
N2 - Despite considerable attention from both the academic and commercial communities, denial-of-service (DoS) attacks represent a growing threat to network administrators and service providers. A large number of proposed DoS countermeasures attempt to detect an attack in-progress and filter out the DoS attack packets. These techniques often depend on the instantiation of sophisticated routing mechanisms and the ability to differentiate between normal and malicious messages. Unfortunately, neither of these prerequisites may be practical or possible. We propose and evaluate a defense against DoS attacks which we call selective bin verification. The technique shows promise against large DoS attacks, even when attack packets are able to permeate the network and reach the target of their attack. We explore the effectiveness of our technique by implementing an experimental testbed in which selective bin verification is successfully used to protect against DoS attacks. We formally describe the mathematical properties of our approach and delineate "tuning" parameters for defending against various attacks.
AB - Despite considerable attention from both the academic and commercial communities, denial-of-service (DoS) attacks represent a growing threat to network administrators and service providers. A large number of proposed DoS countermeasures attempt to detect an attack in-progress and filter out the DoS attack packets. These techniques often depend on the instantiation of sophisticated routing mechanisms and the ability to differentiate between normal and malicious messages. Unfortunately, neither of these prerequisites may be practical or possible. We propose and evaluate a defense against DoS attacks which we call selective bin verification. The technique shows promise against large DoS attacks, even when attack packets are able to permeate the network and reach the target of their attack. We explore the effectiveness of our technique by implementing an experimental testbed in which selective bin verification is successfully used to protect against DoS attacks. We formally describe the mathematical properties of our approach and delineate "tuning" parameters for defending against various attacks.
UR - http://www.scopus.com/inward/record.url?scp=33749052103&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33749052103&partnerID=8YFLogxK
U2 - 10.1109/NPSEC.2005.1532046
DO - 10.1109/NPSEC.2005.1532046
M3 - Conference contribution
AN - SCOPUS:33749052103
SN - 0780394275
SN - 9780780394278
T3 - 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols
SP - 7
EP - 12
BT - 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005
T2 - 2005 First Workshop on Secure Network Protocols, NPSec, held in conjunction with ICNP 2005: 13th IEEE International Conference on Network Protocols
Y2 - 6 November 2005 through 6 November 2005
ER -