Tolerating Denial-of-Service Attacks: A System Approach
Authors
Abstract

OF THE DISSERTATION
Tolerating Denial-of-Service Attacks: A System Approach, by Ju Wang. Doctor of Philosophy in Computer Science, University of California, San Diego, 2005. Professor Andrew A. Chien, Chair.

Proxy network-based defense has recently emerged to address an open research challenge: protecting Internet service applications from Denial-of-Service (DoS) attacks. Such schemes use a proxy network as a mediator for a hidden application to prevent direct attacks on the application's physical infrastructure, while maintaining communication between users and the application. The proxy network provides a distributed front-end to disperse DoS attack traffic, thereby shielding the application. However, the basic feasibility and fundamental properties of such schemes remain unclear, posing critical challenges for their use.

This dissertation addresses these challenges by exploring proxy networks' ability to resist important attacks: penetration, proxy depletion, and DoS attacks. We develop a generic analytic framework for proxy network-based systems, and use it to analyze proxy networks' resilience to penetration and proxy depletion attacks, characterizing how attacks, defenses, proxy network structure, and correlation in host vulnerabilities affect feasibility. Furthermore, using online simulation, we quantify the resistance to DoS attacks at an unprecedented scale and realism, by running real application, proxy
Similar resources
HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets
Abstract—Today, botnets have become a serious threat to enterprise networks. By creating a network of bots, they launch several attacks; distributed denial of service (DDoS) attacks on networks are one example of such attacks. Such attacks, by occupying system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...
Detecting Denial of Service Message Flooding Attacks in SIP based Services
The increasing popularity of SIP based services (VoIP, IPTV, IMS infrastructure) has led to concerns about their security. The main signaling protocol of next generation networks and VoIP systems is the Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components, and its implementation deficiencies cause some security concerns in SIP based infra...
Tolerating Intrusions in Grid Systems
Grid systems are designed to support very large data set computations, that potentially access significant resources spread through several organizations. These resources can be very tempting for a hacker because they can be used, for example, to break pass-phrases with brute-force attacks or to launch distributed denial of service attacks to a given target. In this paper, we explain how malici...
Tolerating Denial-of-Service Attacks Using Overlay Networks - Impact of Overlay Network Topology
Proxy-network based overlays have been proposed to protect Internet Applications against Denial-of-Service (DoS) attacks by hiding an application’s location. We study how a proxy network’s topology influences the effectiveness of location-hiding. We provide a general analysis of system dynamics under attack, and study how the speed of attack, speed of defense, and proxy network topology affect ...
Publication date: 2005