NETSEC
| Introduction |
The last decade saw an exponential increase in the size of the Internet. Most major corporations have integrated the World Wide Web into their business model for a new millennium. Some, like Amazon.com, have no physical real-world front end at all and conduct all their business on the web. Regardless, the Internet is a critical component of the infrastructure of all of these corporations. Unfortunately, the Internet component is also the most vulnerable; malicious attackers can shut down all web servers for a period of days, effectively stopping or significantly slowing down business. The most common of such attacks are called Denial of Service (DoS) attacks. The attacker tries to use up all of the resources of the servers so that legitimate clients can no longer be serviced. Depending on the effectiveness of the attack, customers will see anything from a noticeable slowdown to an inability to connect to the server. Either way, businesses lose money.
| Goals |
The anonymity of the most widely used Internet protocol suite, TCP/IP, makes it very difficult to stop a DoS attack. The client is responsible for setting the source address and most other characteristics of the packets it sends. As a result, firewalls on the server side have a difficult time separating malicious traffic from legitimate traffic.
Our goal is not to prevent or stop a DoS attack but rather, assuming that the attack has started and will continue for an indeterminable period of time, to mitigate its effects. We try to provide adequate Quality of Service (QoS) even during a DoS attack that would normally take down a network.
| Approach |
Our research project focuses on providing tolerance to faults and attacks in a unified way, with high probability. We use a combination of resource management and current attack mitigation techniques. Intrusion detection mechanisms are assumed, and two types of faults are considered: benign malfunctions and malicious intrusions. The former can be caused by a faulty, yet legitimate, client that accidentally loses control over its behavior, while the latter occurs with the intent to cause damage, such as Denial of Service (DoS). Both types of faults can severely affect the performance of the network and compromise the integrity and security of its services.