Boteanu et al., 2013 - Google Patents
A comprehensive study of queue management as a DoS counter-measureBoteanu et al., 2013
View PDF- Document ID
- 9826926942160464624
- Author
- Boteanu D
- Fernandez J
- Publication year
- Publication venue
- International journal of information security
External Links
Snippet
The purpose of a denial of service (DoS) attack is to render a network service unavailable for legitimate users. We address the problem of DoS attacks on connection-oriented protocols where the attacker tries to deplete the server connection by initiating communication with the …
- 235000010384 tocopherol 0 abstract description 56
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0254—Stateful filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/19—Flow control or congestion control at layers above network layer
- H04L47/193—Flow control or congestion control at layers above network layer at transport layer, e.g. TCP related
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/141—Denial of service attacks against endpoints in a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/26—Explicit feedback to the source, e.g. choke packet
- H04L47/263—Source rate modification after feedback
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/24—Flow control or congestion control depending on the type of traffic, e.g. priority or quality of service [QoS]
- H04L47/2441—Flow classification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic regulation in packet switching networks
- H04L47/10—Flow control or congestion control
- H04L47/32—Packet discarding or delaying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Application independent communication protocol aspects or techniques in packet data networks
- H04L69/16—Transmission control protocol/internet protocol [TCP/IP] or user datagram protocol [UDP]
- H04L69/163—Adaptation of TCP data exchange control procedures
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Gupta et al. | Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment | |
| Fichera et al. | OPERETTA: An OPEnflow-based REmedy to mitigate TCP SYNFLOOD Attacks against web servers | |
| Bogdanoski et al. | Analysis of the SYN flood DoS attack | |
| Aamir et al. | A survey on DDoS attack and defense strategies: from traditional schemes to current techniques | |
| Conti et al. | Lightweight solutions to counter DDoS attacks in software defined networking | |
| Tayfour et al. | Collaborative detection and mitigation of distributed denial-of-service attacks on software-defined network | |
| Cambiaso et al. | Slowcomm: Design, development and performance evaluation of a new slow DoS attack | |
| US10547636B2 (en) | Method and system for detecting and mitigating denial-of-service attacks | |
| Dang et al. | Sdn-based syn proxy—a solution to enhance performance of attack mitigation under tcp syn flood | |
| Haddadi et al. | DoS-DDoS: taxonomies of attacks, countermeasures, and well-known defense mechanisms in cloud environment | |
| Cambiaso et al. | Introducing the slowdrop attack | |
| Arafat et al. | A practical approach and mitigation techniques on application layer DDoS attack in web server | |
| Arunmozhi et al. | Ddos attack and defense scheme in wireless ad hoc networks | |
| Aamir et al. | Ddos attack and defense: Review of some traditional and current techniques | |
| Boteanu et al. | A comprehensive study of queue management as a DoS counter-measure | |
| Al‐Hammouri et al. | ReCAP: a distributed CAPTCHA service at the edge of the network to handle server overload | |
| Amiri et al. | Theoretical and experimental methods for defending against DDoS attacks | |
| Kong et al. | Random flow network modeling and simulations for DDoS attack mitigation | |
| Furfaro et al. | Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks | |
| Gurusamy et al. | Detection and mitigation of UDP flooding attack in a multicontroller software defined network using secure flow management model | |
| Devi et al. | Cloud-based DDoS attack detection and defence system using statistical approach | |
| Djalaliev et al. | Sentinel: hardware-accelerated mitigation of bot-based DDoS attacks | |
| Arunmozhi et al. | A flow monitoring scheme to defend reduction-of-quality (RoQ) attacks in mobile ad-hoc networks | |
| Beitollahi et al. | A cooperative mechanism to defense against distributed denial of service attacks | |
| Jingle et al. | Distributed detection of DoS using clock values in wireless broadband networks |