Independent study on Denial of Service Attack

With Prof. Honghui Lu

Send email to (maoy at cis.upenn.edu) for access permissions. Thanks.

Reading list:

What is DDoS attack?

  • A good, easy understood introduction to Distributed Denial of Service Attack, by Bennett Todd, Feb 2002
  • Trend in DoS attacks. by CERT Coordination Center. Oct 2001.
    Trends in My Eyes

  • A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms, UCLA Tech Report.

  • Known DDoS tools
  • Known DDoS attack classification

    Difference between DoS and Flash Crowds
  • Jaeyeon Jung, et. al, Flash Crowds and Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites WWW2002 slides
    My comments

    • Quantitative DDoS research

  • David Moore, Geoffrey Voelker, Stefan Savage, Inferring Internet Denial-of-Service Activity (USENIX Security, 2001)
    My Comments

  • Stuart Staniford et al, How to Own the Internet in Your Spare Time , USENIX Security'02.

  • Dug Song, A Snapshot of Global Internet Worm Activity USENIX Security'02 Work-in-Progress Report, slides

  • Rob Malan et al, Observations and Experiences Tracking Denial-Of-Service Attacks Across a Large Regional ISP

    How to detect DDoS attacks

  • Thomer M. Gil, MULTOPS: A Data-Structure for Bandwidth Attack Detection, USENIX'01

    • How to resist DDoS attacks

  • John Ioannidis and Steven M. Bellovin, "Implementing Pushback: Router-Based Defense Against DDoS Attacks", NDSS, February 2002. (PDF here.)
    My comments

  • Ratul Mahajan, Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, Scott Shenker, Controlling High Bandwidth Aggregates in the Network CCR July, 2002
    The algorithm of "pushback"

  • Kihong Park, On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets SIGCOMM 2001.

  • J. Mirkovic, G. Prier and P. Reiher, Attacking DDoS at the Source, ICNP 2002.

  • Xiaohu Qie, Ruoming Pang and Larry Peterson, Making Software Resistant to DoS Attacks Through Defensive Programming, USENIX Security'02 Work-in-Progress Report, and OSDI'02. (This is not actually about DDoS, but DoS. Since it is a relatively new idea, I put it here.)
    My Comments

    • How to find the origin of DDoS attacks (traceback)

  • Stefan Savage et. al, Practical Network Support for IP Traceback(SIGCOMM, 2000), slides

  • Dawn Song et. al, Advanced and Authenticated Marking Schemes for IP Traceback (INFOCOMM 2001)

  • Alex C. Snoeren et al, Hash-Based IP Traceback , SIGCOMM 2001

    • Traffic Traces

  • Trace from UCLA

    • Other resources:

  • A comprehensive DDoS resource page at UWashington.