Type of Document: Dissertation
Author: Mohamed Khattab, Sherif
URN: etd-07292008-233917
Title: A Defense Framework Against Denial-of-Service in Computer Networks
Degree: Doctor of Philosophy
Program: Computer Science
School: School of Arts and Sciences
Advisory Committee
- Daniel Mossé, Committee Co-Chair
- Rami Melhem, Committee Co-Chair
- Prashant Krishnamurthy, Committee Member
- Taieb Znati, Committee Member
Keywords
- Network Security
- Denial-of-Service
- Computer Networks
Date of Defense: 2008-06-25
Availability: unrestricted
Abstract
Denial-of-Service (DoS) is a computer security problem that poses a serious challenge to the trustworthiness of services deployed over computer networks. The aim of DoS attacks is
to make services unavailable to legitimate users, and current network architectures allow
easy-to-launch, hard-to-stop DoS attacks. Particularly challenging are the service-level DoS
attacks, whereby the victim service is flooded with legitimate-like requests, and the jamming
attack, in which wireless communication is blocked by malicious radio interference. These
attacks are overwhelming even for massively-resourced services, and effective and efficient
defenses are urgently needed.
This work contributes a novel defense framework, which I call dodging, against service-
level DoS and wireless jamming. Dodging has two components: (1) the careful assignment of
servers to clients to achieve accurate and quick identification of service-level DoS attackers
and (2) the continuous and unpredictable-to-attackers reconfiguration of the client-server
assignment and the radio-channel mapping to withstand service-level and jamming DoS
attacks. Dodging creates hard-to-evade baits, or traps, and dilutes the attack "fire power".
The traps identify the attackers when they violate the mapping function and even when they
attack while correctly following the mapping function. Moreover, dodging keeps attackers
"in the dark", trying to follow the unpredictably changing mapping. They may hit a few
times but lose "precious" time before they are identified and stopped.
Three dodging-based DoS defense algorithms are developed in this work. They are more
resource-efficient than state-of-the-art DoS detection and mitigation techniques. Honeybees combines channel hopping and error-correcting codes to achieve bandwidth-efficient
and energy-efficient mitigation of jamming in multi-radio networks. In roaming honeypots, dodging enables the camouflaging of honeypots, or trap machines, as real servers,
making it hard for attackers to locate and avoid the traps. Furthermore, shuffling requests
over servers opens up windows of opportunity, during which legitimate requests are serviced.
Live baiting efficiently identifies service-level DoS attackers by employing results from
group-testing theory, which discovers the defective members of a population using the minimum
number of tests. The cost and benefit of the dodging algorithms are analyzed theoretically,
in simulation, and using prototype experiments.
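The two traps the abstract describes for live baiting can be illustrated with a small simulation: clients are mapped to servers by a keyed, per-epoch hash that attackers cannot predict; each server acts as one group test that is positive when its load exceeds capacity; a client is caught at once if it sends to a server other than the one the mapping assigns, and otherwise by group-testing decode, because every pool an attacker lands in tests positive while honest clients eventually land in a negative pool and are cleared. This is an added example, not code or results from the dissertation: the HMAC-based mapping, the COMP decoder, the server count, capacity, flood size, key and the constructed client population are all assumptions chosen for illustration.

```python
"""Illustrative dodging / live-baiting simulation (added example, not the
dissertation's code).  Servers are group tests; the keyed per-epoch mapping
is the 'unpredictable reconfiguration'; violators and never-cleared clients
are the identified attackers."""
import hashlib
import hmac
import random

NUM_SERVERS = 16            # assumed: number of (virtual) servers / tests
CAPACITY = 20               # assumed: requests per epoch one server absorbs
FLOOD = 50                  # assumed: requests an attacker sends per epoch
KEY = b"secret-mapping-key"  # assumed: known only to the defender


def assign(client: str, epoch: int, key: bytes = KEY,
           num_servers: int = NUM_SERVERS) -> int:
    """Keyed per-epoch client->server mapping (HMAC-SHA256 reduced mod the
    number of servers).  Without KEY an attacker cannot predict where a
    client will be sent in the next epoch."""
    mac = hmac.new(key, f"{epoch}:{client}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") % num_servers


def traffic(clients: dict, epoch: int, rng: random.Random) -> list:
    """Constructed traffic for one epoch as (client, target_server) pairs.
    'honest'    : one request to the assigned server.
    'following' : floods the assigned server (mapping respected).
    'blind'     : floods randomly chosen servers (mapping unknown)."""
    reqs = []
    for c, kind in clients.items():
        s = assign(c, epoch)
        if kind == "honest":
            reqs.append((c, s))
        elif kind == "following":
            reqs.extend((c, s) for _ in range(FLOOD))
        elif kind == "blind":
            reqs.extend((c, rng.randrange(NUM_SERVERS)) for _ in range(FLOOD))
        else:
            raise ValueError(f"unknown client kind {kind!r}")
    return reqs


def run_epoch(requests: list, epoch: int):
    """Serve one epoch.  Returns (violators, positive_servers, pools) where
    pools maps server -> set of clients the mapping assigned to it."""
    violators, load, pools = set(), [0] * NUM_SERVERS, {}
    for c, target in requests:
        s = assign(c, epoch)
        pools.setdefault(s, set()).add(c)
        if target != s:          # trap 1: mapping violated -> caught at once
            violators.add(c)
            continue             # the request is dropped, not serviced
        load[s] += 1
    # trap 2: a server (group test) is positive when its load exceeds capacity
    positives = {s for s in range(NUM_SERVERS) if load[s] > CAPACITY}
    return violators, positives, pools


def comp_decode(suspects: set, positives: set, pools: dict) -> set:
    """Group-testing decode (COMP): any client seen in a negative pool is
    cleared; only clients that appeared solely in positive pools stay suspect."""
    cleared = set()
    for s, members in pools.items():
        if s not in positives:
            cleared |= members
    return suspects - cleared


def live_baiting(clients: dict, epochs: int, seed: int = 0) -> set:
    """Run `epochs` rounds of dodging and return the identified attackers:
    mapping violators plus clients never cleared by the group tests."""
    rng = random.Random(seed)    # seeded so the constructed run is repeatable
    identified, suspects = set(), set(clients)
    for e in range(epochs):
        violators, positives, pools = run_epoch(traffic(clients, e, rng), e)
        identified |= violators
        suspects = comp_decode(suspects, positives, pools)
    return identified | suspects


if __name__ == "__main__":
    population = {f"h{i}": "honest" for i in range(40)}
    population.update({"fol-1": "following", "blind-1": "blind"})
    print(sorted(live_baiting(population, epochs=8)))
```

The capacity is set so that honest load alone never trips a test; in a deployment it would be derived from the measured legitimate load per server. A following attacker is never cleared because every pool it sits in is overloaded, while an honest client is cleared as soon as one epoch places it in a pool with no attacker, which the reshuffling makes overwhelmingly likely within a few epochs.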
Files
Filename: khattab08.pdf
Size: 1.67 Mb
Approximate Download Time (Hours:Minutes:Seconds):
- 28.8 Modem: 00:07:44
- 56K Modem: 00:03:58
- ISDN (64 Kb): 00:03:28
- ISDN (128 Kb): 00:01:44
- Higher-speed Access: 00:00:08
If you have questions or comments, please send mail to ETD-Feedback or view the University of Pittsburgh Electronic Theses and Dissertations (ETD) Project page.