About the Authors


Jelena Mirkovic received her B.Sc. in Electrical and Computer Engineering from the University of Belgrade, Serbia and Montenegro in 1998, and her M.S. and Ph.D. from UCLA in 2000 and 2003. She is currently an assistant professor in the Computer and Information Sciences Department, University of Delaware.

Jelena developed an interest in networking and security research during her graduate studies, and became involved in projects working on new defenses against IP spoofing and distributed denial of service attacks. Her Ph.D. work led to the first source-end DDoS defense system, called D-WARD, that prevents participation of poorly managed networks in DDoS attacks. She further worked to improve the understanding of the DDoS threat and the solution space by developing a taxonomy of DDoS attacks and of DDoS defense mechanisms. She is currently working on developing benchmarks and common evaluation methodology for testing DDoS defenses.

Since her graduation, Jelena's research interests have grown to include other network security problems such as Internet worms, intrusions, and routing attacks, but DDoS remains her "first research love" and the main focus of her investigations.

Sven Dietrich is a member of the technical staff for the CERT Coordination Center, part of the Software Engineering Institute at Carnegie Mellon University in Pittsburgh, Pennsylvania. He also has an appointment at the Carnegie Mellon CyLab, a university-wide cybersecurity research and education initiative. Prior to joining Carnegie Mellon University, Sven worked as a Senior Security Architect at the NASA Goddard Space Flight Center from 1997 to 2001, where he observed and analyzed the first distributed denial-of-service attacks against the University of Minnesota in 1999. He taught Mathematics and Computer Science as an adjunct faculty member at Adelphi University, his alma mater, from 1991 to 1997.

His research interests include survivability, computer and network security, anonymity, cryptographic protocols, and cryptography. His previous work has included a formal analysis of the secure sockets layer protocol (SSL), intrusion detection, analysis of distributed denial-of-service tools, and the security of IP communications in space. For his work on the latter he received a National Resource Group Achievement Award from the NASA Goddard Space Flight Center in 2000. His publications include Analyzing Distributed Denial of Service Tools: The Shaft Case (with N. Long and D. Dittrich) and The "mstream" Distributed Denial of Service Tool (with D. Dittrich, G. Weaver, and N. Long), as well as articles on Active Network Defense, DDoS tool analysis, and survivability. He has given invited talks and presentations on DDoS at conference venues such as USENIX, ACSAC, the IEEE Symposium on Security and Privacy, and HAL 2001, and at NASA-wide briefings, and has participated in DDoS panels at HAL 2001 and SANS Network Security 2002. He also teaches computer and network security at both the national and international level, including giving tutorials and guest lectures on DDoS.

He received a D.A. in Mathematics in 1997, an M.S. in Mathematics in 1991, and a B.S. in Computer Science and Mathematics in 1989, all from Adelphi University in Garden City, New York, and an International Baccalaureate from the International School of Geneva, Switzerland, in 1985. He is a member and former president of the New York Xi chapter of Pi Mu Epsilon, the National Mathematics Honor Society.

Sven discovered his interest in computers working on Apple ][+/e computers and a Commodore 64 in the early 1980s, in networks during his dealings with X.25 packet-switched networks, such as TELENET and TYMNET, and networked PC and Unix-based bulletin board systems in the mid- to late-1980s. His curiosity about denial of service was piqued in the early 1990s on Internet Relay Chat networks, and by witnessing an intruder flood his alma mater's Internet connection in the mid-1990s. Early on he was fascinated by the book Hackers for Moscow (Rowohlt Verlag, 1989) describing the hackers' view of Clifford Stoll's Cuckoo's Egg (a book he has not read to this day). His passion remains the beauty of mathematics.

David Dittrich began his computing career in 1979 with a "family owned" (read "his personal") Apple ][+, which he used to maintain a local credit union's membership mailing list. He wrote his own terminal emulator (in assembly, dovetailed using jump instructions into the slack space between subroutines in the published Apple DOS assembly listing so as not to take up any added space on the only disk drive, a 720KB floppy disk!). This allowed him to be the primary user of one of the two modems owned by Western Washington University to do his Computer Science homework from home while drinking beer and listening to the likes of Pink Floyd, Led Zeppelin, and Steely Dan (while the other students had to sit in straight-back chairs at VT100 terminals in the main terminal room). Dave's background in programming and system administration on several platforms and operating systems was honed first at WWU, then the Boeing Company, and finally when he moved in 1990 to the University of Washington. His role as the main Unix workstation support contact for the entire UW campus led him to become an expert in dealing with Unix computer intrusions and malware of all types. Dave has been a prolific self-publisher of white papers, FAQs, and malware tool analyses, all intended to make his (and everyone else's) life easier in dealing with computer intrusions. Dave is most widely known for his research into Distributed Denial of Service attack tools, starting with an invited talk at the November 1999 CERT Distributed System Intruder Tools Workshop and leading to invited talks and panels on DDoS at SANS, the USENIX Security Symposium, JASON summer workshop, DDoS BoF sessions at RSA 2000 and NANOG, and HAL 2001 in the Netherlands. Dave received one of SANS' Security Technology Leadership Awards in 2000 for his work in understanding DDoS tools.

Besides DDoS, Dave is also active in other areas of host and network forensics, honeynets, and information assurance. He has taught Unix Forensic Analysis at the Black Hat Briefings and both taught in and co-chaired SANS' first forensic track at SANS FIRE '01. As one of the founding members of the Honeynet Project, he led the "Forensic Challenge" (the first ever forensic analysis challenge based on a published "in the wild" compromised Linux system), and now leads the development of the next-generation distributed Honeywall CD-ROM.

Dave has contributed to the books Know Your Enemy, by the Honeynet Project (Addison-Wesley, 2001), The Hacker's Challenge, edited by Mike Schiffman (McGraw Hill, 2001), and two articles in the Handbook of Information Security, edited by Hossein Bidgoli (John Wiley & Sons, 2005). His Web page and papers are referenced in dozens of popular Linux, system administration, and computer security books. He has also spoken around the world at conferences such as the Black Hat Briefings, CanSecWest, SANS, Korea's OlymFair, and Australia's AusCERT; and at several workshops, classes, professional organizations, and government agencies. He has been interviewed in print, radio, and television from the campus level to international media outlets.

His home page can be found at http://staff.washington.edu/dittrich/

Peter Reiher received his B.S. in Electrical Engineering from the University of Notre Dame in 1979. He received an M.S. and a Ph.D. in Computer Science from UCLA in 1983 and 1987, respectively.

Dr. Reiher spent five years working at JPL, where he served as the principal designer for the Time Warp Operating System. He then returned to UCLA, where he is now an adjunct associate professor in the Computer Science Department. He has worked on a variety of research topics, including distributed operating systems, parallel discrete event simulation, optimistically replicated file systems and databases, mobile computing, active networks, and various issues in file system design. In recent years, much of his research has centered around network security topics, particularly combatting IP spoofing and defending against distributed denial of service attacks. The SAVE system to combat IP spoofing, the D-WARD DDoS defense system, and the DefCOM DDoS defense system all originated in his research group at UCLA.



Internet Denial of Service: Attack and Defense Mechanisms
ISBN: 0131475738
EAN: 2147483647
Year: 2003
Pages: 126
