Definition
DoS attack: A Denial of Service attack is an incident in which a legitimate user or organization is forcefully, and in many times unlawfully, prevented from accessing information, services or of a resource they would normally expect to have.
DDoS attack: Distributed Denial-of-Service (DDoS) attack is a special case of DoS where large numbers of distributed compromised systems attack a target.
Bandwidth exhaustion attacks: These are a special case of DoS attacks that the adversary focuses on depleting the capacity of the network links of a user or an organization rendering them unusable.
Overlay networks: An overlay network is a computer network that is formed on top of another network. Nodes in the overlay network are connected using virtual or logical links, perhaps utilizing many links from the underlying network. For instance, many peer-to-peer networks are overlay networks because they are build on top of the Internet.
Background
One of the most prominent classes of DoS...
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsRecommended Reading
Estonia recovers from massive denial-of-service attack (2007) by Jeremy Kirk, IDG News Service, 05/17/2007, (http://www.networkworld.com/news/2007/051707-estonia-recovers-from-massive-denial-of-service.html). Accessed 17 May 2007
Georgian websites forced offline in ‘cyber war’ (2008) by Asher Moses, The Sunday Morning Herald. (http://www.smh.com.au/news/technology/georgian-websites-forced-offline-in-cyber-war/2008/08/12/1218306848654.html). Accessed 12 Aug 2008
Pro-Georgia blogger ‘George’ target of Twitter attack (2009) by Hilary Whiteman, CNN. (http://www.cnn.com/2009/TECH/08/07/russia.georgia.twitter.attack/index.html). Accessed 7 Aug 2009
Keromytis AD, Misra V, Rubenstein D (2002) SOS: Secure Overlay Services. In: Proceedings of ACM SIGCOMM, pp 61–72
Keromytis AD, Misra V, Rubenstein D (2004) SOS: an architecture for mitigating DDoS attacks. IEEE Journal on Selected Areas of Communications (JSAC), 33(3):413–426, 2004
Andersen DG (2003) Mayday: Distributed Filtering for Internet Services. In: Proceedings of the 4th USENIX Symposium on Internet Technologies and Systems (USITS), 2003
Bellovin SM (1999) Distributed Firewalls; login: magazine, special issue on security, November 1999, pp 37–39
Ioannidis S, Keromytis AD, Bellovin S, Smith J (2000) Implementing a distributed firewall. In: Proceedings of Computer and Communications Security (CCS), pp 190–199
Stoica I, Morris R, Liben-Nowell D, Karger DR, Kaashoek MF, Dabek F, Balakrishnan H (2003) Chord: a scalable peer-to-peer lookup protocol for internet applications. IEEE/ACM Trans. Netw. 11, 1 (Feb. 2003), 17–32. DOI= http://dx.doi.org/10.1109/TNET.2002.808407
Karger D, Lehman E, Leighton F, Panigrahy R, Levine M, Lewin D (1997) Consistent hashing and random trees: distributed caching protocols for relievig hot spots on the World Wide Web, In: Proceedings of ACM Symposium on Theory of Computing (STOC), pp 654–663
Morein WG, Stavrou A, Cook DL, Keromytis AD, Misra V, Rubenstein D (2003) Using graphic turing tests to counter automated DDoS attacks against web servers. In: Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS), pp 8–19
Stavrou A, Cook DL, Morein WG, Keromytis AD, Misra V, Rubenstein D (2005) Websos: an overlay-based system for protecting web servers from denial of service attacks. J Commun Netw 48(5)
von Ahn L, Blum M, Hopper NJ, Langford J (2003) CAPTCHA: using hard AI problems for security. In: Proceedings of EUROCRYPT
CCITT, X.509 (1989) The directory authentication framework, International Telecommunications Union, Geneva
Andersen DG, Balakrishnan H, Frans Kaashoek M, Rao RN (2005) Improving Web Availability for Clients with MONET. In: Proceedings of the 2nd Symposium on Networked Systems Design and Implementation (NSDI)
Stavrou A, Keromytis AD, Nieh J, Misra V, Rubenstein D (2005) MOVE: an end-to-end solution to network denial of service. In: Proceedings of the ISOC Symposium on Network and Distributed System Security (SNDSS), pp 81–96
Osman S, Subhraveti D, Su G, Nieh J (2002) The design and implementation of zap: a system for migrating computing environments. In: Proceedings of the 5th Symposium on Operating Systems Design and Implementation (OSDI), pp 361–376
Kuzmanovic A, Knightly EW (2003) Low-Rate TCP-targeted denial of service attacks. In: Proceedings of ACM SIGCOMM, pp 75–86
Stavrou A, Keromytis AD (2005) Countering DoS attacks with stateless multipath Overlays. In: Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS), pp 249–259
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer Science+Business Media, LLC
About this entry
Cite this entry
Stavrou, A. (2011). Overlay-Based DoS Defenses. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_273
Download citation
DOI: https://doi.org/10.1007/978-1-4419-5906-5_273
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5
eBook Packages: Computer ScienceReference Module Computer Science and Engineering