Publications
 



 
Sherif Khattab, Sameh Gobriel, Rami Melhem, and Daniel Mossé, "Live Baiting for Service-Level DoS Attackers", in IEEE INFOCOM 2008. [pdf]


 
 
 
Sherif Khattab, Rami Melhem, Daniel Mossé, and Taieb Znati, "Honeypot Back-propagation for Mitigating Spoofing Distributed Denial-of-Service Attacks", in Journal of Parallel and Distributed Computing (JPDC), Vol 66(9), p1152-1164, September 2006, Elsevier. (Extended version of SSN’06 paper)












 
 
Sherif Khattab, Rami Melhem, Daniel Mossé, and Taieb Znati, "Honeypot Back-propagation for Mitigating Spoofing Distributed Denial-of-Service Attacks", in Proceedings of the 2nd International Workshop on Security in Systems and Networks (SSN'06) in conjunction with IPDPS 2006, April 2006. (Best Paper Award) [pdf]

 
Sherif M. Khattab, Chatree Sangpachatanaruk, Rami Melhem, Daniel Mossé, and Taieb Znati, "Honeypot Back-propagation for Mitigating Spoofing Distributed Denial-of-Service Attacks", Technical Report TR-04-111, Department of Computer Science, University of Pittsburgh, September 2004. [ps|pdf]


 
C. Sangpachatanaruk, S. M. Khattab, T. Znati, R. Melhem, and D. Mossé, Design and Analysis of a Replicated Elusive Server Scheme for Mitigating Denial of Service Attacks, in Journal of Systems and Software, Vol 73(1), p15-29, September 2004, Elsevier. [ps]

Abstract: The paper proposes a scheme, referred to as Proactive Server Roaming, to mitigate the effects of denial of service (DoS) attacks. The scheme is based on the concept of "replicated elusive service", which, through server roaming, causes the service to physically migrate from one physical location to another. Furthermore, the proactiveness of the scheme makes it difficult for attackers to guess when or where servers roam. The combined effect of elusive service replication and proactive roaming makes the scheme resilient to DoS attacks, thereby ensuring a high level of quality of service. The paper describes the basic components of the scheme and discusses a simulation study to assess the performance of the scheme for different types of DoS attacks. The details of the NS2-based design and implementation of the server roaming strategy to mitigate the DoS attacks are provided, along with a thorough discussion and analysis of the simulation results.


 
 
Sherif M. Khattab, Chatree Sangpachatanaruk, Daniel Mossé, Rami Melhem, and Taieb Znati, Roaming Honeypots for Mitigating Service-level Denial-of-Service Attacks, in Proceedings of the 24th International Conference on Distributed Computing Systems (ICDCS'04), March 2004. [ps|pdf]

Abstract: Honeypots have been proposed to act as traps for malicious attackers. However, because of their deployment at fixed (thus detectable) locations and on machines other than the ones they are supposed to protect, honeypots can be avoided by sophisticated attacks. We propose roaming honeypots, a mechanism that allows the locations of honeypots to be unpredictable, continuously changing, and disguised within a server pool. A (continuously changing) subset of the servers is active and providing service, while the rest of the server pool is idle and acting as honeypots. We utilize our roaming honeypots scheme to mitigate the effects of service-level DoS attacks, in which many attack machines acquire service from a victim server at a high rate, against back-end servers of private services. The roaming honeypots scheme detects and filters attack traffic from outside a firewall (external attacks), and also mitigates attacks from behind a firewall (internal attacks) by dropping all connections when a server switches from acting as a honeypot into being active. Through ns-2 simulations, we show the effectiveness of our roaming honeypots scheme. In particular, against external attacks, our roaming honeypots scheme provides service response time that is independent of attack load for a fixed number of attack machines.



Sherif M. Khattab, Chatree Sangpachatanaruk, Rami Melhem, Daniel Mossé, and Taieb Znati, Proactive Server Roaming for Mitigating Denial-of-Service Attacks, to appear in Proceedings of the 1st International Conference on Information Technology: Research and Education (ITRE'03), August 2003. [ps|pdf]

Abstract: We propose a framework based on proactive server roaming to mitigate the effects of Denial-of-Service (DoS) attacks. The active server proactively changes its location within a pool of servers to defend against unpredictable and undetectable attacks. Only legitimate clients can follow the active server as it roams. We present algorithms that are secure, distributed, randomized, and adaptive for triggering the roaming and determining the next server to roam to. We propose some modifications to the state recovery process of existing TCP connection-migration schemes to suit roaming. Preliminary experiments in a FreeBSD network show that the overhead of server roaming is small, in terms of response time, in the absence of attacks. Further, during an attack, roaming significantly improves the response time.
 


C. Sangpachatanaruk, S. M. Khattab, T. Znati, R. Melhem, and D. Mossé, A Simulation Study of the Proactive Server Roaming for Mitigating Denial of Service Attacks, Proceedings of the 36th Annual Simulation Symposium 2003 (ANSS'03), March 2003. [ps|pdf]

Abstract: The main goal of the NETSEC project is to design and implement a framework for mitigating the effects of node-based and link-based DoS attacks. Our strategy employs three lines of defense. The first line of defense is to restrict access to the defended services using offline service subscription, encryption and other traditional security techniques. The second line of defense is server roaming, by which we mean the migration of the service from one server to another, where the new server has a different IP address. Finally, each server and firewall(s) implement resource management schemes as a third line of defense, for example, deploying separate input queues to allocate different classes of service requests. In this paper, we show our simulation study on the second line of defense, server roaming. The design and procedure of server roaming on NS2 are described. The promising results of applying server roaming to mitigate the DoS attack in the simulation are also shown with analysis.