2008-IUPR-23Apr_1825.pdf

0.9.1 0.98 00.html 000 051605ddos-extortion.html 10-6 10.1109 10.1145 100 10000 100000 103 10th 114 12000 131.246.64.0 131.246.65.0 14.79 14000 144 149 150000 15th 2.12 2.6.13.5 200 2000 20000 200000 2002 2003 2004 2005 2006 2007 213 224 250000 270 275 28.2 2827 284 295 2nd 300000 306 308 325 328 350000 389112 4000 40000 400000 4283645 43010 46.53 464 4805457 4814 4GB 50000 572319 6.23 6000 60000 608 628 633 66.0GB 68.44 768569 773559 799 8000 80000 813 82.46 828 92.50 948109.948116 995 ACKNOWLEDGMENT ACL ACLs ACM AHIF APPROACHES ARE Abstract--Distributed Accepting Access Adaptive Address After Against Agobot All Also Amazon.com Anchorage Anderson Any Apache Approaches Armin Artificial Attack Attackers Attacks Aura Available BASE BAYES BAYESIAN Back Based Bayes Bayesian Besides Both Breuel Brooks But Buy.com CCS CNN COLLATERAL COMPARING CPU Can Carl Center Chang Christoph Cisco Classification Classifier Collins Communication Communications Comparing Computer Computing Conference Control Cyberassaults D-67663 DAMAGE DDOS DDoS DECISION DENYING DFKI DHCP DIFFERENT DISCUSSION DNS DS-1 DS-2 DUE Datasets Decision Defeating Defending Denial Denial-of-Service Denial-ofDervice Denialof-service Department Detection Deutsche Discussion Distributed Dittrich DoS DoS-resistant Duda Due During Each Early Edition Effective Email Equation Estan Estimating Events Extortion FDNA FILTER FILTERING FINDING FOR Fair February Ferguson Fig Figure Filtering Finally First Flooding-Based Focused For Fortunately From Furthermore Future Generally Generation German Germany Given GmbH Goldstein Greenhalgh Group HIF HIGHER HTTP Handley Harrison Hart Hide History-Based History-based HistoryBased Hollyman Hop-count However IANA IANAreserved ICC ICMP IEEE IFIP III INTRODUCTION IPs IRC ISP ISPs IST IUPR IV-C Image Improving Information Ingress Instead Intelligence International Internet Jin Kaiserslautern Karlin Kesidis LEGAL LIKELY LOWER Laboratories Labovitz Lampert Large Law Leckie Leiwo Liang 
Linux Lists Lui MIC.2006.5 MITIGATION Magazine Markus Matthias Max-Min May McPherson Messmer Methodology Mitigating Mitigation MonAM Monitoring Most Mstream NEAR NETWORK NUMBER NetCentric Network Networking Networks New Nikander Not November Nowadays OPTIMAL Oct One Only Opteron Optimal Our Outlook PACKETS PCs Pack Pappalardo Parallel Pattern Paul Peng Phat Please Practical Prefixes Press Privacy Proceedings Protection Providers RAM REFERENCES RESULTS RFC RULES Rai Ramamohanarao Recognition Referring Reif Reiter Requests Research Results Risk Router Rules Run SAME SAMPLES SDBot SEC SIGCOMM SPAN Savage Schleifer Science Section SecureComm Security Senie Server-Centric Servers Service Shin Simulation Since Sneeringer Society Source Stacheldraht Stahl States Statistical Steps Still Stork Symposium Systems TABLE TARGET TCP-SYN TFN THE THEORY TIME TNET.2004.842221 TON TPDS.2005.114 TRAINING Table Technical Telekom Temporarily The Then Theory Therefore These This Thomas Throttles Through Today Towards Trace Traceback Transactions Trinoo Tuebingen Tutorial Two UDP USA USERS Understanding Unfortunately United University Unlike VALUES VII Vixie WITHIN Wang Web Wetherall Whether Wiley-Interscience With Within Workshop Worldwide Yam Yau Yoon York You able abstract accept acceptable accepted accepting accepts accuracy achieve achieving acquired activated actual actually adapt adapted adapting adaption adaptive additional address addresses adhering adjust adjusts administrators advantage advantages advisable aggregate aim alarmingly algorithm algorithms allow allows alternatives analysis analyzing announced applicable applied apply applying approach approaches appropriate arbitrary architecture arose arrive arriving assign assigned assigning associate associated assume assumed assumptions asymmetric attack attack-detection attacked attacker attacks attempt attention attracting authorization-free automated automatic automatically availability available average aware away 
background bandwidth bandwidths based baseline behavior belong best better big binary bit bits blocking borders bot bots boundary breuel building calculate calculated called capacity captured carries case cause caused causes certain changing characteristic checked choice choose choosing chosen class classification classifier classifiers classifying clearly clustering coefficients collateral combine come comes common communication communications comparable compare comparing completely compression comprise comprising computational compute conclude conditional conference congesting connections considered constaint constant constantly constraint construct construction contain containing contains continue contrast contributions converges core corresponding corresponds count countries country counts created creating creation criminals crowd crucial current currently curve curves d.root-servers.org damage damaging data dataset datasets days ddos deal decided deciding decision decreases defense define deleted delivered demonstrate denial denote denotes density depend dependency depending depends depth derive descendent described descriptive destabilizing details detected detecting detection determine different directed directions directly discrete discussed discussing discussion distributed distribution dittrich does doi.acm.org doi.ieeecomputersociety.org dos downside drawn drop dropped dropping dx.doi.org e-06 e-commerce e-mail e.g eBay easily easy edge effect effective effectively effectivity efficiently elements emergency empirical employ enhanced ensures entries estimate estimated estimates estimating estimation estimator evaluation event events evolved exact example exceed excepted excluded existing expected experimental exploiting extends extort fact factor family fast father feature features field filter filtering filters financial finding fingerprints firewall firewalls fits flash floods focus follow following forged formal framework frequent fullfilled function 
future generation generic given global goldstein good hackers hand handle hardware having helps heuristic heuristically hierarchically high higher highest highly histogram histograms historic history-based hit horizontal host hosts http i.e idea identically identifiable identifying illegal illustrate illustrated immediate immediately impact implementation implementational implementing imposes impossible improvements include including incoming increase increases independently individually infected infer information infrastructure ingress instructions integrate intensive interim internationally internet interpolation intersection introduce investigating iptables iterative iupr.dfki.de just keeping keeps kernel know knowledge known label labels lack lampert large launch layer lead leaf leaves left legal legitimate let level like likelihood limit limited limits line link load loaded logfile logfiles long look looks loss lossless lossy low lower lowest machine main mainly major make makes malicious malware marking mask matrix max maximum measure measured mechanism media memory mentioned method methods mid-sized minimizes minimum misc mitigate mitigated mitigates mitigating mitigation mixing mixture mode modeled modelling money monitor multicast multiple n-bit nature near nearly necessarily necessary need neglecting netmask network networks new news nf-HiPAC node nodes non-parametric normal normalize notation note novel number objective observed obtain obtained obvious occur octet october21.txt ones ongoing open operate operates operating operation operators optimal optimally order organized origin outlook outperformes outperforms overall overload overview owners packages packet packets page pages paper parameter parameters parametric pass passing pattern patterns peak perform performance performed performs place places plotted pointed policy pool positive possible possibly posterior power practical practice precalculated precomputed predictions prepare prepared present 
prevent preventing previous previously price primary printthis prior private probabilistically probabilities probability problem procedure process processed project propagated properties propose proposed protection protocols provides pruned pruning public publicly purposes quantity quite raise random randomly ranges rate rates raw reach reached reaching react real real-life realworld reason reasons rebuild recent recognition recurring red reduce refer referred referring reflect regular reif reject rejected rejecting rejects relatively reliable relies rely remaining report representable representation representatives representing represents request requests require research resist resistant resources response restriced restrictions restrictive result resulting results rewrite rfc.net rfc2827.html rigorous rise risk robust root router rps rule rules rulesets running sample samples scaled scan scenario scheme second section secure security seen select selected selecting send sender sense sent server servers service serving set sets setup share short showed shown shows significant similar simplifying simulated simulating sites situation small smaller smoothing software solution solutions sophisticated source space span specific spoofed spoofing spreading staff.washington.edu stahl standard stands starting stated static statistical stays strength strictly strong structure structures studied successful successfully suggested summarize superior support supported survey systems takes target target-resident targeted task techniques tells term terms test testing theoretical theory theta think threat threshold time times today took tools total traceback track traffic training transport treatment tree tuned turn type typically unavailable unencrypted unique unit units unknown upcoming upgraded upper usage use used user users using usually value values variable variables varies vector version victim vol vulnerabilities vulnerable want way ways web-community webserver website 
websites widely wire words work workshop www.arbornetworks.com www.computerworld.com www.networkworld.com www.xvid.org years yields zombies zone