Fork Bomb Attack Mitigation by Process Resource Quarantine

Abstract

A fork bomb attack is a denial of service attack. An attacker generates many processes rapidly, exhausting the resources of the target computer systems. There are several previous work to detect and remove the processes that cause fork bomb attacks. However, the operating system with the previous methods have the risks to terminate inappropriate processes that do not fork bomb processes. In this paper, we propose a new method that named process resource quarantine. With the proposed method, the operating systems don't terminate the detected fork bomb processes. Instead of the termination, the operating systems make resource limitations for the detected processes and inspect them periodically. We implemented the proposed method on Linux kernel and executed several evaluation experiments. The results show that the proposed method is effective for fork bomb attacks mitigation.