Exploiting the transients of adaptation for RoQ attacks on Internet resources

Authors: M. Guirguis, A. Bestavros, I. Matta

DOI: 10.1109/ICNP.2004.1348109

Keywords: Denial-of-service attack, Network element, Computer network, Computer science, Service quality, Adaptive behavior, Exploit, The Internet, Adaptation (computer science), Quality of service, Computer security

Abstract: We expose an unorthodox adversarial attack that exploits the transients of a system's adaptive behavior, as opposed to its limited steady-state capacity. We show that a well orchestrated attack could introduce significant inefficiencies that could potentially deprive a network element from much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that element's hijacked capacity. This type of attack stands in sharp contrast to traditional brute-force, sustained high-rate DoS attacks, as well as recently proposed attacks that exploit specific protocol settings such as TCP timeouts. We exemplify what we term reduction of quality (RoQ) attacks by exposing the vulnerabilities of common adaptation mechanisms. We develop control-theoretic models and associated metrics to quantify these vulnerabilities. We present numerical and simulation results, which we validate with observations from real Internet experiments. Our findings motivate the need for the development of adaptation mechanisms that are resilient to these new forms of attacks.
