Denial-of-Service (DoS) is a computer security problem that poses a
serious challenge to the trustworthiness of services deployed over
computer networks. The aim of DoS attacks is to make services
unavailable to legitimate users, and current network architectures
allow easy-to-launch, hard-to-stop DoS attacks. Particularly
challenging are the service-level DoS attacks, whereby the victim
service is flooded with legitimate-like requests, and the jamming
attack, in which wireless communication is blocked by malicious
radio interference. These attacks are overwhelming even for
massively-resourced services, and effective and efficient defenses
are highly needed. This work contributes a novel defense framework,
which I call dodging, against service-level DoS and wireless
jamming. Dodging has two components: (1) the careful assignment of
servers to clients to achieve accurate and quick identification of
service-level DoS attackers and (2) the continuous and
unpredictable-to-attackers reconfiguration of the client-server
assignment and the radio-channel mapping to withstand service-level
and jamming DoS attacks. Dodging creates hard-to-evade baits, or
traps, and dilutes the attack "fire power." The traps identify the
attackers when they violate the mapping function and even when they
attack while correctly following the mapping function. Moreover,
dodging keeps attackers "in the dark," trying to follow the
unpredictably changing mapping. They may hit a few times but lose
"precious" time before they are identified and stopped. Three
dodging-based DoS defense algorithms are developed in this work.
They are more resource-efficient than state-of-the-art DoS
detection and mitigation techniques. Honeybees combines channel
hopping and error-correcting codes to achieve bandwidth-efficient
and energy-efficient mitigation of jamming in multi-radio networks.
In roaming honeypots, dodging enables the camouflaging of
honeypots, or trap machines, as real servers, making it hard for
attackers to locate and avoid the traps. Furthermore, shuffling
requests over servers opens up windows of opportunity, during which
legitimate requests are serviced. Live baiting efficiently
identifies service-level DoS attackers by employing results from
group-testing theory: discovering defective members in a
population using the minimum number of tests. The cost and benefit
of the dodging algorithms are analyzed theoretically, in
simulation, and using prototype experiments.

Keywords: Computer Networks, Network Security, Denial-of-Service
Attack, Dodging, Honeypots, Group Testing, Wireless Jamming, Sensor
Networks,
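
The group-testing idea behind live baiting can be sketched as follows. This is an added example, not the author's algorithm or code: it assumes a keyed per-round client-to-bucket mapping (the hypothetical bucket_of), a bucket that tests "positive" whenever an attacker is mapped to it, and attackers that attack in every round. Client names, the key and the parameters are constructed.

```python
import hashlib
import hmac


def bucket_of(key: bytes, rnd: int, client: str, n_buckets: int) -> int:
    """Keyed per-round mapping; a client cannot predict it without the key."""
    msg = f"{rnd}:{client}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % n_buckets


def observe_round(key, rnd, attackers, n_buckets):
    """Constructed test outcome: the buckets that saw attack traffic this round."""
    return {bucket_of(key, rnd, a, n_buckets) for a in attackers}


def identify(key, clients, positives_per_round, n_buckets):
    """Group-testing decode: a client seen in any clean bucket is cleared.

    Attackers always sit in positive buckets, so they are never cleared;
    innocent clients drop out as the mapping is reshuffled round after round.
    """
    suspects = set(clients)
    for rnd, positive in enumerate(positives_per_round):
        suspects = {c for c in suspects
                    if bucket_of(key, rnd, c, n_buckets) in positive}
    return suspects


def run_demo(rounds=12, n_buckets=20):
    key = b"constructed-demo-key"            # constructed secret
    clients = [f"client-{i:04d}" for i in range(1000)]
    attackers = {"client-0042", "client-0317", "client-0900"}
    positives = [observe_round(key, r, attackers, n_buckets)
                 for r in range(rounds)]
    return identify(key, clients, positives, n_buckets), attackers


if __name__ == "__main__":
    for r in (1, 2, 4, 8, 12):
        suspects, attackers = run_demo(rounds=r)
        print(f"rounds={r:2d} suspects={len(suspects):4d} "
              f"attackers_caught={attackers <= suspects}")
```

The suspect set shrinks with every reshuffle while never dropping a real attacker, so 1000 clients are resolved with 20 bucket observations per round rather than one test per client.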