Skip to main content

Home

 

Find us on

facebook youtube flickr twitter itunes u logo

Upcoming Events

Sal Stolfo

Salvatore J. Stolfo Columbia University
A Brief History of Symbiote DefenseTuesday, October 31st
Rockefeller 003
5:00 PM

 Fright Night Imge

Wanna See Something REALLY Scary?
ISTS Looks at the Dark Web on Halloween Night
Tuesday, October 31st
Sudikoff  045 Trust Lab (dungeon)
7:30 PM - RSVP
Space is Limited 

   

Recent Talks

Dan Wallach

STAR-Vote: A Secure, Transparent, Auditable and Reliable Voting System

Professor Dan Wallach
Rice University
Thursday April 27, 2017
Carson L01, 5:00 PM

Ben Miller Dragos

Pandora's Power Grid - What Can State Attacks Do and What Would be the Impact?

Ben Miller
Chief Threat Officer, Dragos, Inc.
Tuesday May 2, 2017
Kemeny 007, 4:30 PM
Brendan Nyhan

 

 

 

Factual Echo Chambers? Fact-checking and Fake News in Election 2016.

Professor Brendan Nyhan
Dartmouth College
Thursday May 4, 2017
Rocky 001, 5:00 PM

Dickie George

 

Espionage and Intelligence

Professor Dickie George
Johns Hopkins University
Thursday May 11, 2017
Rocky 001, 5:00 PM

Dan Wallach

A Nation Under Attack: Advanced Cyber-Attacks in Ukraine

Ukrainian Cybersecurity Researchers
Thursday April 6, 2017
Oopik Auditorium 5:30 PM

ISTS Information Pamphlet


2012BrochureCover

 

Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
info.ists@dartmouth.edu
HomeEvents >

Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resources

Abstract

Azer BestavrosOver the past few years, Denial of Service (DoS) attacks have emerged as a serious vulnerability for almost every Internet service. An adversary bent on limiting access to a network resource could simply marshal enough client machines to bring down an Internet service by subjecting it to sustained levels of demand that far exceed its capacity, making that service incapable of adequately responding to legitimate requests. In this talk I will expose a different, but potentially more malignant adversarial attack that exploits the transients of a system's adaptive behavior, as opposed to its limited steady-state capacity. In particular, I will show that a determined adversary could bleed an adaptive system's capacity or significantly reduce its service quality by subjecting it to an unsuspicious, low-intensity (but well orchestrated and timed) request stream that causes the system to become very inefficient, or unstable. I will give examples of such "Reduction of Quality" (RoQ) attacks on a number of common adaptive components in modern computing and networking systems. RoQ attacks stand in sharp contrast to traditional brute-force, sustained high-rate DoS attacks, as well as recently proposed attacks that exploit specific protocol settings. I will present numerical and simulation results, which are validated with observations from real Internet experiments.

This work was done in collaboration with Mina Guirguis and Ibrahim Matta.

Bio

Azer Bestavros obtained his SM in 1988 and his PhD in 1992, both in Computer Science from Harvard University. He is currently Professor and Chairman of Computer Science at Boston University. Professor Bestavros' research interests are in the general areas of networking and real-time systems. Some of his seminal works include his generalization of classical rate-monotonic analysis to accommodate probabilistic guarantees, his pioneering of the push model for Internet content distribution adopted years later by CDNs, and his characterization of Web traffic self-similarity and reference locality. With over 2,000 citations to his publications, CiteSeer ranks him in the top 250 (2.5%) of its most cited CS authors at all times. Professor Bestavros received distinguished service awards from both the IEEE and the ACM. He served as chair, officer, or PC member of most major conferences in real-time and networking systems, including ICNP, Infocom, Sigmetrics, Sigmod, RTSS, RTAS, and ICDE. His research has been funded by government and industry grants totaling over $15M.