Assessing and quantifying denial of service attacks

2001 MILCOM Proceedings Communications for Network-Centric Operations: Creating the Information Force (Cat. No.01CH37277) Pub Date : 2001-10-28 DOI:10.1109/MILCOM.2001.985767

D. Gregg, W. Blackert, D. Heinbuch, D. Furnanage

{"title":"Assessing and quantifying denial of service attacks","authors":"D. Gregg, W. Blackert, D. Heinbuch, D. Furnanage","doi":"10.1109/MILCOM.2001.985767","DOIUrl":null,"url":null,"abstract":"Denial of service (DoS) attacks come in a variety of types and can target groups of users, individual users, or entire computer systems. With the ever-increasing reliance on networked information systems for command and control of military systems - not to mention communications infrastructures - relatively simple attacks that degrade or deny service can have devastating effects. The critical importance of protection from DoS attacks is well recognized by the DoD and in fact, the USA National Computer Security Center defines INFOSEC to include \"measures and controls to protect infrastructure against denial of service\". There are basically three levels of DoS attacks, growing both in sophistication and seriousness of attack effects. The simplest attack exploits errors and bugs in the design and source code of a network operating system. The second level of attack exploits known artifacts of a particular system implementation or protocol, often due to limited storage or capacity, to introduce delay, to saturate a system, or otherwise limit accessibility. The third and most damaging level of attack uses very specific features of the network protocol to mount the attack. These attacks are specifically designed to look like normal usage. We have modeled and validated five different DoS attacks. We have executed these attack models against a validated model of a target network whose architecture and stochastic behavior is varied for analysis purposes. We are currently conducting a systems analysis using these models and are looking across the protocol stack and target network for attack effects. This paper describes the analysis of one attack's effectiveness by varying the attack rate, server time out, and connection settings. Output from our model includes probability of denied service, delay and outage time, and correlations under attack and no attack conditions. Our objective is to characterize attack effects and to ultimately derive mitigation techniques and indications and warnings.","PeriodicalId":136537,"journal":{"name":"2001 MILCOM Proceedings Communications for Network-Centric Operations: Creating the Information Force (Cat. No.01CH37277)","volume":"114 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2001-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2001 MILCOM Proceedings Communications for Network-Centric Operations: Creating the Information Force (Cat. No.01CH37277)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MILCOM.2001.985767","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

Abstract

Denial of service (DoS) attacks come in a variety of types and can target groups of users, individual users, or entire computer systems. With the ever-increasing reliance on networked information systems for command and control of military systems - not to mention communications infrastructures - relatively simple attacks that degrade or deny service can have devastating effects. The critical importance of protection from DoS attacks is well recognized by the DoD and in fact, the USA National Computer Security Center defines INFOSEC to include "measures and controls to protect infrastructure against denial of service". There are basically three levels of DoS attacks, growing both in sophistication and seriousness of attack effects. The simplest attack exploits errors and bugs in the design and source code of a network operating system. The second level of attack exploits known artifacts of a particular system implementation or protocol, often due to limited storage or capacity, to introduce delay, to saturate a system, or otherwise limit accessibility. The third and most damaging level of attack uses very specific features of the network protocol to mount the attack. These attacks are specifically designed to look like normal usage. We have modeled and validated five different DoS attacks. We have executed these attack models against a validated model of a target network whose architecture and stochastic behavior is varied for analysis purposes. We are currently conducting a systems analysis using these models and are looking across the protocol stack and target network for attack effects. This paper describes the analysis of one attack's effectiveness by varying the attack rate, server time out, and connection settings. Output from our model includes probability of denied service, delay and outage time, and correlations under attack and no attack conditions. Our objective is to characterize attack effects and to ultimately derive mitigation techniques and indications and warnings.

查看原文本刊更多论文

评估和量化拒绝服务攻击

拒绝服务(DoS)攻击有多种类型，可以针对用户组、个人用户或整个计算机系统。随着军事系统的指挥和控制日益依赖网络信息系统——更不用说通信基础设施了——降低或拒绝服务的相对简单的攻击可能产生毁灭性的影响。美国国防部已经充分认识到防止DoS攻击的重要性，事实上，美国国家计算机安全中心将信息安全定义为包括“保护基础设施免受拒绝服务的措施和控制”。DoS攻击基本上分为三个级别，其复杂性和攻击效果的严重性都在增长。最简单的攻击是利用网络操作系统的设计和源代码中的错误和缺陷。第二级攻击利用特定系统实现或协议的已知构件(通常是由于有限的存储或容量)来引入延迟、使系统饱和或以其他方式限制可访问性。第三种也是最具破坏性的攻击使用网络协议的非常特定的特性来进行攻击。这些攻击是专门设计成看起来像正常使用。我们已经建模并验证了五种不同的DoS攻击。我们针对目标网络的验证模型执行了这些攻击模型，目标网络的架构和随机行为因分析目的而变化。我们目前正在使用这些模型进行系统分析，并在协议栈和目标网络中寻找攻击效果。本文通过改变攻击速率、服务器超时和连接设置来分析一种攻击的有效性。我们模型的输出包括拒绝服务的概率、延迟和中断时间，以及攻击和无攻击条件下的相关性。我们的目标是描述攻击的影响，并最终得出缓解技术、迹象和警告。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2001 MILCOM Proceedings Communications for Network-Centric Operations: Creating the Information Force (Cat. No.01CH37277)

自引率

0.00%

发文量