Ph.D. Proposal

MITIGATION OF BOTNET-BASED DDOS ATTACKS AGAINST WEB SERVERS

Peter Djalaliev (CS Grad/Pitt)

Thursday, December 11, 2008
10:30am - SENSQ 6329 - Board Room

Abstract

Software vulnerabilities and the proliferation of malware, such as viruses and worms, have helped create a new class of application-level distributed denial-of-service (DDoS) attacks using networks of compromised hosts (botnets). Botnet-based DDoS attacks are a major security threat to web servers. In such an attack, a botmaster orders multiple bots to send malicious traffic toward a server, so as to deplete network bandwidth or server CPU, disk, or memory capacity. DDoS activity can make commercial web servers unresponsive for days and cause millions of dollars in damage to the servers' owners.

Researchers have proposed client authentication mechanisms, such as CAPTCHA puzzles, to distinguish bot traffic from legitimate client activity and discard bot-originated packets. However, CAPTCHA authentication is vulnerable to denial-of-service and artificial intelligence attacks. This work proposes that clients instead use hardware tokens to authenticate in a federated authentication environment. A federated authentication solution must resist both man-in-the-middle and denial-of-service attacks. This proposal satisfies both requirements by extending the Kerberos protocol.

A server could verify client credentials and blacklist repeated offenders. Traffic from blacklisted clients, however, still traverses the server's network stack and consumes server resources. This work proposes that a dedicated server front-end host verify authentication credentials and filter blacklisted traffic before it reaches the server. Using a front-end host also allows transparent deployment of hardware acceleration using network co-processors. Network co-processors can discard blacklisted traffic at the hardware level before it wastes front-end host resources.

Client authentication schemes required by the front-end host and by the protected server must interact smoothly. This proposal introduces ways for the front-end host to protect the server's authentication mechanisms from denial-of-service attacks and to provide two-factor authentication.

Dissertation Adviser

Dr. José Brustoloni, Department of Computer Science

Committee Members

Dr. Ahmed Amer, Department of Computer Science
Dr. Youtao Zhang, Department of Computer Science
Dr. Adam Lee, Department of Computer Science
Dr. Prashant Krishnamurthy, School of Information Sciences
