Wang et al., 2008 - Google Patents
A multi-layer framework for puzzle-based denial-of-service defenseWang et al., 2008
View PDF- Document ID
- 10887300326117562878
- Author
- Wang X
- Reiter M
- Publication year
- Publication venue
- International Journal of Information Security
External Links
Snippet
Client puzzles have been advocated as a promising countermeasure to denial-of-service (DoS) attacks in recent years. However, how to operationalize this idea in network protocol stacks still has not been sufficiently studied. In this paper, we describe our research on a …
- 238000000034 method 0 abstract description 40
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0254—Stateful filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/141—Denial of service attacks against endpoints in a network
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8171562B2 (en) | System and methods for protecting against denial of service attacks | |
| Wang et al. | Mitigating bandwidth-exhaustion attacks using congestion puzzles | |
| Beitollahi et al. | Analyzing well-known countermeasures against distributed denial of service attacks | |
| Thakur | Analysis of denial of services (DOS) attacks and prevention techniques | |
| Gu et al. | Denial of service attacks | |
| Wang et al. | Defending against denial-of-service attacks with puzzle auctions | |
| Feng et al. | Design and implementation of network puzzles | |
| US8321955B2 (en) | Systems and methods for protecting against denial of service attacks | |
| Gupta et al. | Defending against distributed denial of service attacks: issues and challenges | |
| US8745723B2 (en) | System and method for providing unified transport and security protocols | |
| US8631484B2 (en) | Systems and methods for inhibiting attacks with a network | |
| US20010042200A1 (en) | Methods and systems for defeating TCP SYN flooding attacks | |
| Kavisankar et al. | A mitigation model for TCP SYN flooding with IP spoofing | |
| Mohammadi et al. | SYN‐Guard: An effective counter for SYN flooding attack in software‐defined networking | |
| Wang et al. | A multi-layer framework for puzzle-based denial-of-service defense | |
| Abliz et al. | A guided tour puzzle for denial of service prevention | |
| Aamir et al. | Ddos attack and defense: Review of some traditional and current techniques | |
| EP1154610A2 (en) | Methods and system for defeating TCP Syn flooding attacks | |
| Yuvaraj et al. | Some investigation on DDOS attack models in mobile networks | |
| Chan | Efficient defence against misbehaving tcp receiver dos attacks | |
| Djalaliev et al. | Sentinel: hardware-accelerated mitigation of bot-based DDoS attacks | |
| Shrivastava et al. | The detection & defense of DoS & DDos attack: a technical overview | |
| Kavisankar et al. | CNoA: Challenging Number Approach for uncovering TCP SYN flooding using SYN spoofing attack | |
| AT&T | 0.8-21shots.eps | |
| Bocan | Developments in DOS research and mitigating technologies |