DocumentCode :
2281800
Title :
Assessing and quantifying denial of service attacks
Author :
Gregg, Donna M. ; Blackert, William J. ; Heinbuch, David V. ; Furnanage, Donna
Author_Institution :
Appl. Phys. Lab., Johns Hopkins Univ., Laurel, MD, USA
Volume :
1
fYear :
2001
fDate :
2001
Firstpage :
76
Abstract :
Denial of service (DoS) attacks come in a variety of types and can target groups of users, individual users, or entire computer systems. With the ever-increasing reliance on networked information systems for command and control of military systems - not to mention communications infrastructures - relatively simple attacks that degrade or deny service can have devastating effects. The critical importance of protection from DoS attacks is well recognized by the DoD and in fact, the USA National Computer Security Center defines INFOSEC to include "measures and controls to protect infrastructure against denial of service". There are basically three levels of DoS attacks, growing both in sophistication and seriousness of attack effects. The simplest attack exploits errors and bugs in the design and source code of a network operating system. The second level of attack exploits known artifacts of a particular system implementation or protocol, often due to limited storage or capacity, to introduce delay, to saturate a system, or otherwise limit accessibility. The third and most damaging level of attack uses very specific features of the network protocol to mount the attack. These attacks are specifically designed to look like normal usage. We have modeled and validated five different DoS attacks. We have executed these attack models against a validated model of a target network whose architecture and stochastic behavior is varied for analysis purposes. We are currently conducting a systems analysis using these models and are looking across the protocol stack and target network for attack effects. This paper describes the analysis of one attack's effectiveness by varying the attack rate, server time out, and connection settings. Output from our model includes probability of denied service, delay and outage time, and correlations under attack and no attack conditions.
Our objective is to characterize attack effects and to ultimately derive mitigation techniques and indications and warnings.
Keywords :
command and control systems; delays; military communication; network operating systems; probability; protocols; stochastic processes; telecommunication security; DoS attacks; INFOSEC; USA National Computer Security Center; attack models; attack rate; command and control systems; connection settings; correlations; delay; denial of service attacks; military communications; military systems; mitigation techniques; network architecture; network operating system; network protocol; outage time; probability of denied service; protocol stack; server time out; stochastic behavior; Access protocols; Command and control systems; Computer crime; Computer security; Degradation; Delay; Information systems; Military communication; Military computing; Protection;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Military Communications Conference, 2001. MILCOM 2001. Communications for Network-Centric Operations: Creating the Information Force. IEEE
Print_ISBN :
0-7803-7225-5
Type :
conf
DOI :
10.1109/MILCOM.2001.985767
Filename :
985767