Do you want to publish a course? Click here

Distributed Denial of Service is a Scalability Problem

84   0   0.0 ( 0 )
 Added by Yoo Chung
 Publication date 2011
and research's language is English
 Authors Yoo Chung




Ask ChatGPT about the research

Distributed denial of service attacks are often considered a security problem. While this may be the way to view the problem with todays Internet, new network architectures attempting to address the issue should view it as a scalability problem. In addition, they need to address the problem based on a rigorous foundation.



rate research

Read More

111 - Xin Liu , Xiaowei Yang , Yong Xia 2010
Denial of Service (DoS) attacks frequently happen on the Internet, paralyzing Internet services and causing millions of dollars of financial loss. This work presents NetFence, a scalable DoS-resistant network architecture. NetFence uses a novel mechanism, secure congestion policing feedback, to enable robust congestion policing inside the network. Bottleneck routers update the feedback in packet headers to signal congestion, and access routers use it to police senders traffic. Targeted DoS victims can use the secure congestion policing feedback as capability tokens to suppress unwanted traffic. When compromised senders and receivers organize into pairs to congest a network link, NetFence provably guarantees a legitimate sender its fair share of network resources without keeping per-host state at the congested link. We use a Linux implementation, ns-2 simulations, and theoretical analysis to show that NetFence is an effective and scalable DoS solution: it reduces the amount of state maintained by a congested router from per-host to at most per-(Autonomous System).
We unveil the existence of a vulnerability in Wi-Fi, which allows an adversary to remotely launch a Denial-of-Service (DoS) attack that propagates both in time and space. This vulnerability stems from a coupling effect induced by hidden nodes. Cascading DoS attacks can congest an entire network and do not require the adversary to violate any protocol. We demonstrate the feasibility of such attacks through experiments with real Wi-Fi cards, extensive ns-3 simulations, and theoretical analysis. The simulations show that the attack is effective both in networks operating under fixed and varying bit rates, as well as ad hoc and infrastructure modes. To gain insight into the root-causes of the attack, we model the network as a dynamical system and analyze its limiting behavior. The model predicts that a phase transition (and hence a cascading attack) is possible when the retry limit parameter of Wi-Fi is greater or equal to 7, and explicitly characterizes the phase transition region in terms of the system parameters.
In this paper, we study the problem of localizing the sensors positions in presence of denial-of-service (DoS) attacks. We consider a general attack model, in which the attacker action is only constrained through the frequency and duration of DoS attacks. We propose a distributed iterative localization algorithm with an abandonment strategy based on the barycentric coordinate of a sensor with respect to its neighbors, which is computed through relative distance measurements. In particular, if a sensors communication links for receiving its neighbors information lose packets due to DoS attacks, then the sensor abandons the location estimation. When the attacker launches DoS attacks, the AS-DILOC algorithm is proved theoretically to be able to accurately locate the sensors regardless of the attack strategy at each time. The effectiveness of the proposed algorithm is demonstrated through simulation examples.
Proof-of-work (PoW) cryptocurrency blockchains like Bitcoin secure vast amounts of money. Their operators, called miners, expend resources to generate blocks and receive monetary rewards for their effort. Blockchains are, in principle, attractive targets for Denial-of-Service (DoS) attacks: There is fierce competition among coins, as well as potential gains from short selling. Classical DoS attacks, however, typically target a few servers and cannot scale to systems with many nodes. There have been no successful DoS attacks to date against prominent cryptocurrencies. We present Blockchain DoS (BDoS), the first incentive-based DoS attack that targets PoW cryptocurrencies. Unlike classical DoS, BDoS targets the systems mechanism design: It exploits the reward mechanism to discourage miner participation. Previous DoS attacks against PoW blockchains require an adversarys mining power to match that of all other miners. In contrast, BDoS can cause a blockchain to grind to a halt with significantly fewer resources, e.g., 21% as of March 2020 in Bitcoin, according to our empirical study. We find that Bitcoins vulnerability to BDoS increases rapidly as the mining industry matures and profitability drops. BDoS differs from known attacks like Selfish Mining in its aim not to increase an adversarys revenue, but to disrupt the system. Although it bears some algorithmic similarity to those attacks, it introduces a new adversarial model, goals, algorithm, and game-theoretic analysis. Beyond its direct implications for operational blockchains, BDoS introduces the novel idea that an adversary can manipulate miners incentives by proving the existence of blocks without actually publishing them.
The emerging paradigm of network function virtualization advocates deploying virtualized network functions (VNF) on standard virtualization platforms for significant cost reduction and management flexibility. There have been system designs for managing dynamic deployment and scaling of VNF service chains within one cloud data center. Many real-world network services involve geo-distributed service chains, with prominent examples of mobile core networks and IMSs (IP Multimedia Subsystems). Virtualizing these service chains requires efficient coordination of VNF deployment across different geo-distributed data centers over time, calling for new management system design. This paper designs a dynamic scaling system for geo-distributed VNF service chains, using the case of an IMS. IMSs are widely used subsystems for delivering multimedia services among mobile users in a 3G/4G network, whose virtualization has been broadly advocated in the industry for reducing cost, improving network usage efficiency and enabling dynamic network topology reconfiguration for performance optimization. Our scaling system design caters to key control-plane and data-plane service chains in an IMS, combining proactive and reactive approaches for timely, cost-effective scaling of the service chains. We evaluate our system design using real-world experiments on both emulated platforms and geo-distributed clouds.
comments
Fetching comments Fetching comments
mircosoft-partner

هل ترغب بارسال اشعارات عن اخر التحديثات في شمرا-اكاديميا