|
[1] Dittrich, D. “The tribe Flood Network distributed denial of service attack tool”. http://staff.washington.edu/dittrich/misc/tfn.analysis. [2] “computer emergency response team, cert advisory ca-2000-01: Denial-of-service developments”. http://www.cert.org/advisories/ca-2000-01.html. 2000. [3] D. Moore, G. Voelker, and S. Savage. “Inferring internet denial-of-service activity”. In Usenix Security Symposium, 2001. [4] Savage, S., Wetherall, D., Karlin, A., & Anderson, T., (2001). “Network support for IP traceback”, IEEE/ACM Trans. Netw., Vol.9, No.3, pp.226–237. Also appeared in Proc. ACM SIGCOMM Conf., pp.295–306, Aug. 2000. [5] Waldvogel, M., (2002). “GOSSIB vs. IP traceback rumors”, Proc. 18th Ann. Computer Security Applications Conf. (ACSAC 2002), pp.5–13. [6] K.J. Houle, G.M. Weaver, “Trends in Denial of Service Attack Technology”, CERT Coordination Center, Oct 2001. http://www.cert.org/archive/pdf/DoS_trends.pdf [7] “Overview of scans and DDoS attacks,” [Online]. Available: www.iwar.org.uk/comsec/resources/dos/ddos.pdf [8] David McGuire and Brian Krebs. “Attack on internet called largest ever. washingtonpost.com, October 2002” http://washingtonpost.com/wp-dyn/articles/A828-2002Oct22.html [9] CERT CC. Trends in Denial of Service Attack Technology, October 2001. [10] V. Paxson. An analysis of using reflectors for distributed denial-of-service attacks, ACM Computer Communications Review (CCR), 31(3), July 2001. [11] CERT CC. Smurf attack. http://www.cert.org/advisories/CA-1998-01.html. [12] "CERT advisory CA-1998-01 smurf IP Denial-of-Service attacks," available at http://www.cert.org/advisories/CA-1998-01.html, January 1998. [13] T. M. Gil, and M. Poletto, “MULTOPS: a data-structure for bandwidth attack detection”, 10th Usenix Security Symposium, 2001, pp.23-38. [14] R. Mahajan, S. Floyd, and D. Wetherall, “Controlling High-Bandwidth Flows at the Congested Router”, IEEE ICNP 2001, pp.192-201. [15] Y. Xiang, W. Zhou, and M. Chowdhury, “A Survey of Active and Passive Defence Mechanisms against DDoS Attacks”, Technical Report, TR C04/02, School of Information Technology, Deakin University, Australia, 2004. [16] Y. Xiang and W. Zhou, “An Active Distributed Defense System to Protect Web Applications from DDoS Attacks”,iiWAS2004, pp. 559-568. [17]Rantul Mahajan, Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, and Scott Shenker, “Controlling high bandwidth aggregates in the network,” Technical report, AT&T Center for Internet Research at ICSI, July 2001. [18] Ioannidis, j., & Bellovin, S. M., (2002). “Implementing pushback: router-based defense against DDoS attacks”, Proc. Network and Distributed System Security Symp., pp.6–8, San Diego, CA. [19] Park, K., & Lee, H., (2000). “A proactive approach to distributed dos attack prevention using route-based distributed filtering”, Technical Report CSD-00-017, Department of Computer Sciences, Purdue University. [20] Burch, H., & Cheswick, B., (2000). “Tracing anonymous packets to their approximate source”, Usenix LISA (New Orleans) Conf., pp.313–322. [21] Aljifri, H., (2003). “IP traceback: a new denial-of-service deterrent?” IEEE Security & Privacy Magazine, Vol.1, No.3, pp.24–31. [22] G. Sager. Security Fun with OCxmon and cflowd. Presentation at the Internet 2 Working Group, Nov. 1998. [23] R. Stone. CenterTrack: An IP Overlay Network for Tracking DoS Floods. In to appear in Proceedings of thje 2000 USENIX Security Symposium, Denver, CO, July 2000. [24] Stone, R., (2000). “CenterTrack: An IP overlay network for tracking DoS floods”, Proc. 9th USENIX Security Symp., pp.199–212, Denver, CO [25] Baba, T., & Matsuda, S., (2002). “Tracing network attacks to their sources”, IEEE Internet Computing, Vol.6, No.2, pp.20–26 [26] Snoeren, A. C., Partridge, C., Sanchez, L. A., Jones, C. E., Tchakountio, F., Kent, S. T., & Strayer, W. T., (2001). ”Hash-based IP traceback”, Proc. ACM 134 SIGCOMM Applications, Technologies, Architectures, and Protocols for Computer Communication, pp.3–14. [27] Hassan Aljifri University of Miami (2003). “IP Traceback: A New Denial-of-Service Deterrent?”, IEEE security & Privacy, pp24-27 [28] Bellovin, S. M., (2000). “ICMP traceback messages”, IETF, Internet Draft, draft-bellovin-itrace-00.txt. [29] Bellovin, S. M., Leech, M., Taylor, T., (2001). “ICMP traceback messages”,IETF, Internet Draft, draft-ietf-itrace-01.txt. [30] Mankin, A., Massey, D., Wu, C. L., Wu, S. F., & Zhang, L., (2001) “On design and evaluation of `intention-driven' ICMP traceback”, Proc. IEEE Int. Conf. Computer Communications and Netw., pp.159–165. [31] Wu, S. F., Zhang, L., Massey, D., & Mankin, A., (2001). “Intention-Driven ICMP Trace-back”, IETF, Internet Draft, draft-wu-itrace-intention-00.txt. [32] Wu, S. F., Zhang, L., Massey, D., & Mankin, A., (2001). “Intention-Driven ICMP Trace-back”, IETF, Internet Draft: draft-wu-itrace-intention-01.txt. [33] Dawn X. Song and Adrian Perrig., (2001), “Advanced and authenticated marking schemes for IP traceback,” Proc. IEEE INFOCOM, pp.878–886 [Online]. Available: http://www.cert.org/advisories/CA-96.21.ping.html [34] Dean, D., Franklin, M., & Stubblefield, A., (2001). ”An algebraic approach to IP traceback,” Proc. of the Network and Distributed System Security Symp.(NDSS), pp.3–12. [35] Park, K., & Lee, H., (2001). “On the effectiveness of probabilistic packet marking for IP traceback under Denial of Service attack,” Proc. 20th Annual Joint Conf. IEEE Computer and Communications Societies, pp.338–347 [36] Computer Emergency Response Team, “CERT Advisory CA-92.21: TCP SYN flooding and IP spoofing attacks”, [37] Kuznetsov, V., Simkin, A., & Sandstrom, H., (2002). “An evaluation of different IP traceback approaches”, Proc. 4th Intl. Conf. Information and Communications Security, pp.37–48 [38] He, C., (2002). Formal specifications of traceback marking protocols, An Honors Thesis, The University of Texas at Austin Department of Computer Sciences Austin, Texas [39] K.T. Law, John C.S. Lui, and David K.Y. Yau., (2002) “You can run, But you can’t hide: An Effective Methodology to traceback DDoS attackers”, Proc.10th IEEE int’l Symp , MASCOTS ’02.. [40] Templeton, S. J., and Levitt, K. E., “Detecting spoofed packets”, Proc. 3rd IEEE DARPA Information Survivability Conference and Exposition (DISCEX), Washington, D.C, 2003, pp.164–175, [41] Internet Storm Center. [Online]. Available: http://isc.incidents.org/ [42] LBNL Network Research Group. UCB/ LBNL/ VINT Network Simulator—ns (version 2), DARPA: VINT project. [Online]. Available:http://www.isi.edu/nsnam/ns [43] “Internet mapping”, http://research.lumeta.com/ches/map/dbs/index.html [44] Teo peng, Christopher Lecki and Kotairi Ramamohanroa, “Adjusted Probabilistic Packet Marking,” in the Pro. of Networking 2002, Pisa, Italy ,May 2002.
|