An Empirical Analysis of Target-Resident DoS Filters

S
SP
2004
2004 IEEE Symposium on Security and Privacy
Abstract - An Empirical Analysis of Target-Resident DoS Filters

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Michael Collins Articles by Michael K. Reiter

2004 IEEE Symposium on Security and Privacy

Berkeley, California

May 09-May 12

ISBN: 0-7695-2136-3

	ASCII Text	x
	Michael Collins, Michael K. Reiter, "An Empirical Analysis of Target-Resident DoS Filters," Security and Privacy, IEEE Symposium on, pp. 103, 2004 IEEE Symposium on Security and Privacy, 2004.

	BibTex	x
	@article{ 10.1109/SECPRI.2004.1301318, author = {Michael Collins and Michael K. Reiter}, title = {An Empirical Analysis of Target-Resident DoS Filters}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {2004}, issn = {1540-7993}, pages = {103}, doi = {http://doi.ieeecomputersociety.org/10.1109/SECPRI.2004.1301318}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - An Empirical Analysis of Target-Resident DoS Filters SN - 1540-7993 SP EP A1 - Michael Collins, A1 - Michael K. Reiter, PY - 2004 KW - null VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

Michael Collins, Carnegie Mellon University, Pittsburgh, PA

Michael K. Reiter, Carnegie Mellon University, Pittsburgh, PA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SECPRI.2004.1301318

Numerous techniques have been proposed by which an end-system, subjected to a denial-of-service flood, filters the offending traffic. In this paper, we provide an empirical analysis of several such proposals, using traffic recorded at the border of a large network and including real DoS traffic. We focus our analysis on four filtering techniques, two based on the addresses from which the victim server typically receives traffic (static clustering and network-aware clustering), and two based on coarse indications of the path each packet traverses (hop-count filtering and path identifiers). Our analysis reveals challenges facing the proposed techniques in practice, and the implications of these issues for effective filtering. In addition, we compare techniques on equal footing, by evaluating the performance of one scheme under assumptions made by another. We conclude with an interpretation of the results and suggestions for further analysis.

Citation:

Michael Collins, Michael K. Reiter, "An Empirical Analysis of Target-Resident DoS Filters," sp, pp.103, 2004 IEEE Symposium on Security and Privacy, 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.