Founded in 1966

From DDoS to Botnets

Sven Dietrich, CERT, Software Engineering Institute, CMU

Tuesday, October 3
Noon - SENSQ 5317
Free pizza for attendees starting at 11:45 a.m.

Hosted by José Brustoloni

Abstract

In the beginning, security was equated to confidentiality and it was considered better for a system to fail (or be forced into failure) than to leak protected information. As the field matured, the emphasis changed to "information assurance," where a balance was struck between integrity, confidentiality, and availability, and emphasis was put on protection, detection, and reaction capabilities. Viewed in that broader context, denial of service became a topic of greater importance to the information system as a whole. Concurrently, adversaries realized that attacks that reduced the utility of computing systems to authorized users could be as effective as attacks that compromised sensitive information. In the past few years, brute force denial-of-service attacks based on the exhaustion of the victim's processing or communication resources have become commonplace, many times for financial or political gain instead of just fun and games.

Tracing the history of distributed denial of service from the early days to now, we will discover how the evolution to bots, a multi-talent among malware, and then to botnets is making our lives more challenging, both as defenders and regular users. Our continued reliance on online services and communities makes us susceptible to these disruptions that have implications not just for the availability of networks, but also for the confidentiality and the integrity of our data stored on these very hosts. We will survey the different attack types and probable attack patterns, mitigation strategies, and current research approaches that may lead to ways of thwarting such attacks in the future.

Biography of Speaker

Dr. Sven Dietrich is a Senior Member of the Technical Staff at CERT, Carnegie Mellon University and holds an appointment at the Carnegie Mellon University CyLab, a university-wide cybersecurity research and education initiative. Prior to joining Carnegie Mellon University, he was a senior security architect at the NASA Goddard Space Flight Center, where he observed and analyzed the first distributed denial-of-service attacks against the University of Minnesota in 1999. He taught mathematics and computer science as adjunct faculty at Adelphi University, his alma mater, from 1991 to 1997.

His research interests include survivability, computer and network security, anonymity, cryptographic protocols, and cryptography. His previous work has included a formal analysis of the secure sockets layer protocol (SSL), intrusion detection, analysis of distributed denial-of-service tools, and the security of IP communications in space.

His publications include the recent book Internet Denial of Service: Attack and Defense Mechanisms (Prentice Hall, December 2004), as well as the articles "Analyzing Distributed Denial of Service Tools: The Shaft Case" (2000) and "The 'mstream' Distributed Denial of Service Tool" (2000), and others on Active Network Defense, DDoS tool analysis, and survivability. He has given invited talks and presentations on DDoS at conference venues, and has participated in panels on DDoS. He also teaches computer and network security at both the national and international level, including giving tutorials and guest lectures on DDoS.

Dr. Dietrich has a Doctor of Arts in Mathematics, an MS in Mathematics, and a BS in Computer Science and Mathematics from Adelphi University in Garden City, New York.
