A Defense Framework Against Denial-Of-Service in Computer Networks. (Paperback)

Denial-of-Service (DoS) is a computer security problem that poses a serious challenge to trustworthiness of services deployed over computer networks. The aim of DoS attacks is to make services unavailable to legitimate users, and current network architectures allow easy-to-launch, hard-to-stop DoS attacks. Particularly challenging are the service-level DoS attacks, whereby the victim service is flooded with legitimate-like requests, and the jamming attack, in which wireless communication is blocked by malicious radio interference. These attacks are overwhelming even for massively-resourced services, and effective and efficient defenses are highly needed. This work contributes a novel defense framework, which I call dodging, against service-level DoS and wireless jamming. Dodging has two components: (1) the careful assignment of servers to clients to achieve accurate and quick identification of service-level DoS attackers and (2) the continuous and unpredictable-to-attackers reconfiguration of the client-server assignment and the radio-channel mapping to withstand service-level and jamming DoS attacks. Dodging creates hard-to-evade baits, or traps, and dilutes the attack "fire power." The traps identify the attackers when they violate the mapping function and even when they attack while correctly following the mapping function. Moreover, dodging keeps attackers "in the dark," trying to follow the unpredictably changing mapping. They may hit a few times but lose "precious" time before they are identified and stopped. Three dodging-based DoS defense algorithms are developed in this work. They are more resource-efficient than state-of-the-art DoS detection and mitigation techniques. Honeybees combines channel hopping and error-correcting codes to achieve bandwidth-efficient and energy-efficient mitigation of jamming in multi-radio networks. In roaming honeypots, dodging enables the camouflaging of honeypots, or trap machines, as real servers, making it hard for attackers to locate and avoid the traps. Furthermore, shuffling requests over servers opens up windows of opportunity, during which legitimate requests are serviced. Live baiting, efficiently identifies service-level DoS attackers by employing results from the group-testing theory, discovering defective members in a population using the minimum number of tests. The cost and benefit of the dodging algorithms are analyzed theoretically, in simulation, and using prototype experiments. Keywords. Computer Networks, Network Security, Denial-of-Service Attack, Dodging, Honeypots, Group Testing, Wireless Jamming, Sensor Networks, Multi-radio.