We expose an unorthodox adversarial attack that exploits the transients of a system's adaptive behavior, as opposed to its limited steady-state capacity. We show that a well-orchestrated attack could introduce significant inefficiencies that could potentially deprive a network element of much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that element's hijacked capacity. This type of attack stands in sharp contrast to traditional brute-force, sustained high-rate DoS attacks, as well as recently proposed attacks that exploit specific protocol settings such as TCP timeouts. We exemplify what we term Reduction of Quality (RoQ) attacks by exposing the vulnerabilities of common adaptation mechanisms. We develop control-theoretic models and associated metrics to quantify these vulnerabilities. We present numerical and simulation results, which we validate with observations from real Internet experiments. Our findings motivate the need for the development of adaptation mechanisms that are resilient to these new forms of attacks.