Ph.D. Proposal: Anna Mendonca

Title: Defending Against Insider Denial of Service Attacks

Ph.D. Candidate: Anna Mendonca

Major Advisor:  Dr. Amir Herzberg

Associate Advisors:  Dr. Jerry Shi, Dr. Alexander Russell

Date/Time: Friday, April 16th, 2021, 2:30 pm

Location: 

Meeting link:  https://uconn-cmr.webex.com/uconn-cmr/j.php?MTID=m6262ba1eda0c8054ae2d1a5947cdcdf4 

Meeting number:         120 952 8726

Password:                   MvMQybPF583

Join by phone:             +1-415-655-0002

Access code:              120 952 8726

Abstract:

 Denial of Service (or DoS) attacks threaten internet services by attackers overusing resources and preventing legitimate clients from getting serviced. Insider DoS attacks are known to be specifically problematic because the attacker acts like and pretends to be a legitimate user. The user can authenticate himself, complete a CAPCHA, or otherwise identify himself. Then, after the victim thinks the user is legitimate, the attacker launches a denial of service attack on the service. The challenge with identifying such attacks is that often it is very difficult or even impossible to identify the user causing the attack just from his behavior. The attacker could be using the service legitimately, but in such a way that is exploiting some (possibly unknown) vulnerability and causing it to malfunction for everyone.

While defenses against certain Insider Denial of Service attacks exist, such defenses are mostly against specific attackers or naive attackers that do not employ any techniques to hide their identity. We conduct a systematic study of defenses against Insider DoS attacks. We present and explain attacker techniques that can defeat the currently proposed DoS defenses. Then we propose an improved defense algorithm against such sophisticated attackers together with an analysis of how they do in comparison with current proposals against arbitrary attackers. This analysis is based off of clear measures that we define (which are missing from prior works making them very difficult to compare), to allow future works to easily compare to ours. The algorithm we propose is the only currently proposed algorithm that bounds the maximum harm an attacker can cause under an arbitrary attacker strategy. We also present experimental simulation results to compare our improved defense algorithm with the currently proposed algorithms. Later we present a complete system in which such an isolation algorithm could be used. This system’s goal is to show how the algorithms would be used to defend against denial of service attacks in a real life scenario. This dissertation proposal will talk about the preliminary findings of the comparisons of the different isolation algorithms, and go into details on how these isolation algorithms could be used in real life.

We also propose a design for a new device and automated mechanism to reassign ports for a port hopping defense against denial of service attacks for denial of service attacks. The new device will interact with existing ISP machines and the client’s machines to create a port hopping defense against denial of service attacks. This device and system will work against such attacks as the SYN-ACK flood attack, where attackers exploit the functionality of TCP to launch their attack. In this dissertation we will present our ideas and definitions of this device and mechanism and explain how it would work to defend against DoS attacks that are currently extremely expensive or difficult to defend against.