Author

Jelena Mirkovic

Bio: Jelena Mirkovic is an academic researcher at the Information Sciences Institute. Her research topics include denial-of-service attacks and computer science more broadly. She has an h-index of 28 and has co-authored 89 publications receiving 4,710 citations. Previous affiliations include the University of California, Los Angeles and the University of Southern California.


Papers
Journal ArticleDOI
01 Apr 2004
TL;DR: This paper presents two taxonomies for classifying attacks and defenses in distributed denial-of-service (DDoS) and provides researchers with a better understanding of the problem and the current solution space.
Abstract: Distributed denial-of-service (DDoS) is a rapidly growing problem. The multitude and variety of both the attacks and the defense approaches is overwhelming. This paper presents two taxonomies for classifying attacks and defenses, and thus provides researchers with a better understanding of the problem and the current solution space. The attack classification criteria were selected to highlight commonalities and important features of attack strategies that define challenges and dictate the design of countermeasures. The defense taxonomy classifies the body of existing DDoS defenses based on their design decisions; it then shows how these decisions dictate the advantages and deficiencies of proposed solutions.

1,866 citations

Proceedings ArticleDOI
12 Nov 2002
TL;DR: D-WARD is proposed, a DDoS defense system deployed at source-end networks that autonomously detects and stops attacks originating from these networks; it offers good service to legitimate traffic even during an attack, while effectively reducing DDoS traffic to a negligible level.
Abstract: Distributed denial-of-service (DDoS) attacks present an Internet-wide threat. We propose D-WARD, a DDoS defense system deployed at source-end networks that autonomously detects and stops attacks originating from these networks. Attacks are detected by the constant monitoring of two-way traffic flows between the network and the rest of the Internet and periodic comparison with normal flow models. Mismatching flows are rate-limited in proportion to their aggressiveness. D-WARD offers good service to legitimate traffic even during an attack, while effectively reducing DDoS traffic to a negligible level. A prototype of the system has been built in a Linux router. We show its effectiveness in various attack scenarios, discuss motivations for deployment, and describe associated costs.

486 citations

Proceedings ArticleDOI
23 Jun 2002
TL;DR: A new protocol is described, named SAVE, that can provide routers with the information needed for source address validation, and its correctness and performance are evaluated by simulation experiments.
Abstract: Forcing all IP packets to carry correct source addresses can greatly help network security, attack tracing, and network problem debugging. However, due to asymmetries in today's Internet routing, routers do not have readily available information to verify the correctness of the source address for each incoming packet. In this paper we describe a new protocol, named SAVE, that can provide routers with the information needed for source address validation. SAVE messages propagate valid source address information from the source location to all destinations, allowing each router along the way to build an incoming table that associates each incoming interface of the router with a set of valid source address blocks. This paper presents the protocol design and evaluates its correctness and performance by simulation experiments. The paper also discusses the issues of protocol security, the effectiveness of partial SAVE deployment, and the handling of unconventional forms of network routing, such as mobile IP and tunneling.

271 citations

Journal ArticleDOI
TL;DR: D-WARD is proposed, a source-end DDoS defense system that achieves autonomous attack detection and surgically accurate response, thanks to its novel traffic profiling techniques, the adaptive response and the source-end deployment.
Abstract: Defenses against flooding distributed denial-of-service (DDoS) commonly respond to the attack by dropping the excess traffic, thus reducing the overload at the victim. The major challenge is the differentiation of the legitimate from the attack traffic, so that the dropping policies can be selectively applied. We propose D-WARD, a source-end DDoS defense system that achieves autonomous attack detection and surgically accurate response, thanks to its novel traffic profiling techniques, the adaptive response and the source-end deployment. Moderate traffic volumes seen near the sources, even during the attacks, enable extensive statistics gathering and profiling, facilitating high response selectiveness. D-WARD inflicts extremely low collateral damage on the legitimate traffic, while quickly detecting and severely rate-limiting outgoing attacks. D-WARD has been extensively evaluated in a controlled testbed environment and in real network operation. Results of selected tests are presented in the paper.

211 citations

Book
01 Jan 2005
TL;DR: In this book, the authors present an overview of DDoS attacks and defenses, covering how attacks are waged (recruitment and control of the agent network, semantic levels of DDoS attacks, attack toolkits, IP spoofing and attack trends), an overview of DDoS defenses, and detailed defense approaches.
Abstract: Table of contents.
Foreword. Acknowledgments. About the Authors.
1. Introduction. DoS and DDoS; Why Should We Care?; What Is This Book?; Who Is This Book For?; What Can This Book Help You Do?; Outline of the Remaining Chapters.
2. Understanding Denial of Service. The Ulterior Motive; Meet the Attackers; Behind the Scenes; Distribution Effects; DDoS: Hype or Reality?; How Vulnerable Are You to DDoS?
3. History of DoS and DDoS. Motivation; Design Principles of the Internet; DoS and DDoS Evolution.
4. How Attacks Are Waged. Recruitment of the Agent Network; Controlling the DDoS Agent Network; Semantic Levels of DDoS Attacks; Attack Toolkits; What Is IP Spoofing?; DDoS Attack Trends.
5. An Overview of DDoS Defenses. Why DDoS Is a Hard Problem; DDoS Defense Challenges; Prevention versus Protection and Reaction; DDoS Defense Goals; DDoS Defense Locations; Defense Approaches.
6. Detailed Defense Approaches. Thinking about Defenses; General Strategy for DDoS Defense; Preparing to Handle a DDoS Attack; Handling an Ongoing DDoS Attack as a Target; Handling an Ongoing DDoS Attack as a Source; Agreements/Understandings with Your ISP; Analyzing DDoS Tools.
7. Survey of Research Defense Approaches. Pushback; Traceback; D-WARD; NetBouncer; Secure Overlay Services (SOS); Proof of Work; DefCOM; COSSACK; Pi; SIFF: An End-Host Capability Mechanism to Mitigate DDoS Flooding Attacks; Hop-Count Filtering (HCF); Locality and Entropy Principles; An Empirical Analysis of Target-Resident DoS Filters; Research Prognosis.
8. Legal Issues. Basics of the U.S. Legal System; Laws That May Apply to DDoS Attacks; Who Are the Victims of DDoS?; How Often Is Legal Assistance Sought in DDoS Cases?; Initiating Legal Proceedings as a Victim of DDoS; Evidence Collection and Incident Response Procedures; Estimating Damages; Jurisdictional Issues; Domestic Legal Issues; International Legal Issues; Self-Help Options; A Few Words on Ethics; Current Trends in International Cyber Law.
9. Conclusions. Prognosis for DDoS; Social, Moral, and Legal Issues; Resources for Learning More; Conclusion.
Appendix A. Glossary.
Appendix B. Survey of Commercial Defense Approaches. Mazu Enforcer by Mazu Networks; Peakflow by Arbor Networks; WS Series Appliances by Webscreen Technologies; Captus IPS by Captus Networks; MANAnet Shield by CS3; Cisco Traffic Anomaly Detector XT and Cisco Guard XT; StealthWatch by Lancope; Summary.
Appendix C. DDoS Data. 2004 CSI/FBI Computer Crime and Security Survey; Inferring Internet Denial-of-Service Activity; A Framework for Classifying Denial-of-Service Attacks; Observations and Experiences Tracking Denial-of-Service Attacks across a Regional ISP; Report on the DDoS Attack on the DNS Root Servers; Conclusion.
References. Index.

158 citations


Cited by
Proceedings ArticleDOI
Frank McSherry
29 Jun 2009
TL;DR: PINQ's unconditional structural guarantees require no trust placed in the expertise or diligence of the analysts, substantially broadening the scope for design and deployment of privacy-preserving data analysis, especially by non-experts.
Abstract: We report on the design and implementation of the Privacy Integrated Queries (PINQ) platform for privacy-preserving data analysis. PINQ provides analysts with a programming interface to unscrubbed data through a SQL-like language. At the same time, the design of PINQ's analysis language and its careful implementation provide formal guarantees of differential privacy for any and all uses of the platform. PINQ's unconditional structural guarantees require no trust placed in the expertise or diligence of the analysts, substantially broadening the scope for design and deployment of privacy-preserving data analysis, especially by non-experts.

1,278 citations

Proceedings Article
16 Aug 2017
TL;DR: It is argued that Mirai may represent a sea change in the evolutionary development of botnets: the simplicity with which devices were infected and its precipitous growth demonstrate that novice malicious techniques can compromise enough low-end devices to threaten even some of the best-defended targets.
Abstract: The Mirai botnet, composed primarily of embedded and IoT devices, took the Internet by storm in late 2016 when it overwhelmed several high-profile targets with massive distributed denial-of-service (DDoS) attacks. In this paper, we provide a seven-month retrospective analysis of Mirai's growth to a peak of 600k infections and a history of its DDoS victims. By combining a variety of measurement perspectives, we analyze how the botnet emerged, what classes of devices were affected, and how Mirai variants evolved and competed for vulnerable hosts. Our measurements serve as a lens into the fragile ecosystem of IoT devices. We argue that Mirai may represent a sea change in the evolutionary development of botnets: the simplicity through which devices were infected and its precipitous growth demonstrate that novice malicious techniques can compromise enough low-end devices to threaten even some of the best-defended targets. To address this risk, we recommend technical and nontechnical interventions, as well as propose future research directions.

1,236 citations

Journal ArticleDOI
TL;DR: The primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.
Abstract: Distributed Denial of Service (DDoS) flooding attacks are one of the biggest concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users' access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more targets. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. In this paper, we explore the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.

1,153 citations