
Mitigating Denial-of-Service By Dodging

Sherif Khattab (Pitt/CS)

PhD Proposal

Friday, April 27th, 2007
2:30pm - SENSQ 6329

Abstract

Denial-of-Service (DoS) attackers aim at making a service unavailable to its legitimate clients for unacceptably long periods of time, causing major monetary losses. A common DoS attack overwhelms the victim service with legitimate-like service requests from a large number of attacking computers. This work addresses the problem of distinguishing DoS attackers from legitimate service users and mitigating the attack damage.

Our approach is to dodge DoS attacks by carefully designed system reconfiguration. We leverage the fact that in a replicated service, clients are mapped to servers according to different criteria, such as server load and server and client location. We achieve dodging by reconfiguring the client-server mapping proactively and unpredictably with the two-fold goal of (1) discovering and filtering out attackers (dodging to bait) and (2) mitigating the attack impact (dodging to escape). On one hand, dodging creates baits, or traps, that are hard for DoS attackers to evade. In particular, attackers are detected once they access a wrong configuration. Moreover, attackers are detected even when they follow the correct service reconfigurations. On the other hand, dodging effectively dilutes the attack "fire-power" as attackers try to follow the service reconfigurations, hitting the service a few times, but losing "precious" time before they are detected and stopped.

We present a set of properties of the client-server mapping to achieve our goals. The mapping should not block legitimate clients from accessing the service, it should balance the client load over the servers, it should be unpredictable to attackers, and finally it should be unique for client groups of a certain size. We developed a scheme that satisfies these properties and evaluated it via a combination of analysis, simulation, and prototype experiments. The overhead incurred by dodging was small, a good cost-benefit tradeoff was reached, and dodging was both practical and effective against various types of DoS attacks.
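
A small sketch of the "dodging to bait" idea described in the abstract, added here as an illustration and not taken from the proposal. The abstract does not describe the actual scheme, so the keyed-hash mapping, the epoch counter, the server names and the secret are all assumptions; the code covers only the first bait (a client that contacts a server outside its current mapping is flagged) plus a load-balance check.

```python
import hashlib
import hmac

# Assumptions (not from the proposal): replica names, secret, epoch numbering.
SERVERS = ["s0", "s1", "s2", "s3"]
SECRET = b"constructed-demo-secret"  # held by the service side only


def assigned_server(client_id, epoch, secret=SECRET):
    """Per-epoch mapping; without the secret the next assignment is not predictable."""
    msg = f"{client_id}|{epoch}".encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return SERVERS[int.from_bytes(digest[:8], "big") % len(SERVERS)]


def flag_clients(requests, strikes_allowed=0):
    """Return clients that contacted a server other than their assigned one."""
    misses = {}
    for client_id, epoch, server in requests:
        if server != assigned_server(client_id, epoch):
            misses[client_id] = misses.get(client_id, 0) + 1
    return {c for c, n in misses.items() if n > strikes_allowed}


def load_per_server(client_ids, epoch):
    """Count how many clients each replica serves in one epoch."""
    counts = dict.fromkeys(SERVERS, 0)
    for c in client_ids:
        counts[assigned_server(c, epoch)] += 1
    return counts


def demo():
    # Constructed traffic: 20 clients follow every reconfiguration, while
    # "stale-1" keeps contacting the replica it was given in epoch 0.
    legit = [f"client-{i}" for i in range(20)]
    requests = [(c, e, assigned_server(c, e)) for c in legit for e in range(5)]
    fixed = assigned_server("stale-1", 0)
    requests += [("stale-1", e, fixed) for e in range(32)]
    return flag_clients(requests)


if __name__ == "__main__":
    print("flagged:", sorted(demo()))
    print("epoch 3 load:", load_per_server([f"c{i}" for i in range(1000)], 3))
```

The `strikes_allowed` parameter is a hypothetical tolerance for clients whose view of the mapping lags by one reconfiguration, which bears on the requirement that legitimate clients not be blocked.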

Dissertation Advisers

Prof. Rami Melhem, Department of Computer Science
Prof. Daniel Mossé, Department of Computer Science

Committee Members

Prof. Rami Melhem, Department of Computer Science
Prof. Daniel Mossé, Department of Computer Science
Prof. Taieb Znati, Department of Computer Science
Prof. Prashant Krishnamurthy, School of Information Sciences
