Assessing and quantifying denial of service attacks


Bibliographic details
Main authors: Gregg, D.M., Blackert, W.J., Heinbuch, D.V., Furnanage, D.
Format: Conference proceedings
Language: English
Description
Summary: Denial of service (DoS) attacks come in a variety of types and can target groups of users, individual users, or entire computer systems. With the ever-increasing reliance on networked information systems for command and control of military systems - not to mention communications infrastructures - relatively simple attacks that degrade or deny service can have devastating effects. The critical importance of protection from DoS attacks is well recognized by the DoD and in fact, the USA National Computer Security Center defines INFOSEC to include "measures and controls to protect infrastructure against denial of service". There are basically three levels of DoS attacks, growing both in sophistication and seriousness of attack effects. The simplest attack exploits errors and bugs in the design and source code of a network operating system. The second level of attack exploits known artifacts of a particular system implementation or protocol, often due to limited storage or capacity, to introduce delay, to saturate a system, or otherwise limit accessibility. The third and most damaging level of attack uses very specific features of the network protocol to mount the attack. These attacks are specifically designed to look like normal usage. We have modeled and validated five different DoS attacks. We have executed these attack models against a validated model of a target network whose architecture and stochastic behavior is varied for analysis purposes. We are currently conducting a systems analysis using these models and are looking across the protocol stack and target network for attack effects. This paper describes the analysis of one attack's effectiveness by varying the attack rate, server time out, and connection settings. Output from our model includes probability of denied service, delay and outage time, and correlations under attack and no attack conditions. Our objective is to characterize attack effects and to ultimately derive mitigation techniques and indications and warnings.
DOI: 10.1109/MILCOM.2001.985767