Computational Models for Defenses against Internet-based Attacks


This work is supported in part by the National Science Foundation ITR 0218466, the National Science Foundation IGERT 9354995 and the PITA.


PhD Thesis Project

Li-Chiou Chen

Department of Engineering and Public Policy (EPP)

Center for Computational Analysis of Social and Organizational Systems (CASOS)


Project Summary


Computer-based attacks on critical infrastructure have been a great concern to the US government since the nation’s critical infrastructure has become increasingly reliant upon the Internet to exchange information among various systems (PCCIP 1997). To address this concern, Presidential Decision Directive (PDD) 63 calls for a closely coordinated effort of both the public and private sectors to reduce vulnerabilities (PDD63 1998). However, computer security incidents[1] are still increasing (CERT 2001; CSI 2001; GAO 2001).


To mitigate the risk of computer security incidents, evaluating the effectiveness of defenses becomes an important issue. The purpose of this research is to develop computational models to study security policies that will provide defenses against Internet security incidents. Internet security incidents refer to computer security incidents conducted by malicious attackers through network connections to compromise network services. In particular, this research will focus on distributed denial of service (DDOS) attacks and defenses against these attacks.


Distributed denial of service (DDOS) attacks have emerged as a prevalent way to take down web sites and have imposed financial losses on companies. The CSI/FBI survey (CSI 2001) shows that 36% of respondents detected denial of service attacks in the preceding 12 months, with reported financial losses of more than $4.2 million. The effectiveness of DDOS defenses depends on many factors, such as the nature of the network’s topology, the specific attack scenario, and various characteristics of the network routers. However, little research has focused on the tradeoffs inherent in this complex system. We propose to develop a computational test bed to study security policies and the associated technologies that provide defenses against DDOS attacks. We will then use this framework to evaluate various policies and technologies. In this work we draw on research in the areas of computer science, information science, organizational theory and social networks.


There have been a number of proposals on how to control ongoing DDOS attack traffic. None have been widely deployed. The effectiveness of DDOS defenses depends on many factors, such as the type of network topology, the type of attack and whether all ISPs are compliant in establishing defenses. However, little is known about the interactions among these factors. Knowing what tradeoffs will occur as these factors vary will assist stakeholders in making security policy decisions and in adjusting for the chance that others may not make the same decisions. The research proposed in this project will illuminate these tradeoffs and lead to a computational model for examining various DDOS defenses and attack scenarios at the router level.


To orient this research we focus on two basic research questions. First, how do ISPs provide DDOS defenses at the lowest cost while their subscribers remain satisfied with the availability of network connections during attacks? A cost-performance analysis of the effectiveness of DDOS defenses will be conducted using results from the computational model. This cost-performance analysis will aid ISPs and local network administrators in their evaluation of DDOS defenses. Second, where are the critical points in a network at which to deploy defenses? We examine the impact of network topology on the deployment location of defenses. Graph-level indices and models from social network studies will be used to categorize network topologies and to select deployment locations for defenses. This analysis will provide guidance to decision makers.
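The second research question above, and the earlier point that defenses depend on topology and on whether every ISP deploys them, can be made concrete with a small graph calculation. The following is an added illustration, not code from the thesis project: it assumes a constructed toy topology (stub hosts A1..A4 behind ISP routers R1..R5, with a victim V), treats "deploying a defense at a router" as filtering every attack path that traverses that router, and scores each router by the fraction of attacker-to-victim shortest paths it intercepts. The second function scores a set of routers together, which is the partial-deployment case where only some ISPs cooperate; the metric and the shortest-path-counting approach (BFS-based path counting in the style of betweenness centrality) are this example's assumptions, not the thesis's method.

```python
from collections import deque

# Constructed toy topology (an assumption for this example, not the thesis's data):
# undirected links between stub hosts (A*), ISP routers (R*) and the victim (V).
TOPOLOGY = {
    ("A1", "R1"), ("A2", "R1"), ("A3", "R2"), ("A4", "R2"),
    ("R1", "R3"), ("R2", "R3"), ("R2", "R4"),
    ("R3", "R5"), ("R4", "R5"), ("R5", "V"),
}
ATTACK_SOURCES = ["A1", "A2", "A3", "A4"]   # hosts emitting attack traffic
VICTIM = "V"


def build_graph(edges, removed=()):
    """Adjacency sets for an undirected graph, optionally with some nodes cut out."""
    adj = {}
    for u, v in edges:
        if u in removed or v in removed:
            continue
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def bfs_paths(adj, source):
    """Hop distance and number of distinct shortest paths from source to every node."""
    dist = {source: 0}
    sigma = {source: 1}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for w in adj.get(u, ()):
            if w not in dist:
                dist[w] = dist[u] + 1
                sigma[w] = 0
                queue.append(w)
            if dist[w] == dist[u] + 1:      # w is one hop further: u extends its paths
                sigma[w] += sigma[u]
    return dist, sigma


def router_coverage(edges, sources, victim):
    """For each router, the mean (over attack sources) share of that source's
    shortest paths to the victim that pass through the router."""
    adj = build_graph(edges)
    d_t, s_t = bfs_paths(adj, victim)        # graph is undirected, so paths v->t = t->v
    routers = [n for n in adj if n != victim and n not in sources]
    score = {r: 0.0 for r in routers}
    for s in sources:
        d_s, s_s = bfs_paths(adj, s)
        if victim not in d_s:
            continue                          # source cannot reach the victim at all
        for r in routers:
            on_shortest = r in d_s and r in d_t and d_s[r] + d_t[r] == d_s[victim]
            if on_shortest:
                score[r] += s_s[r] * s_t[r] / s_s[victim]
    return {r: score[r] / len(sources) for r in routers}


def set_coverage(edges, sources, victim, filters):
    """Share of attack paths intercepted when defenses run at every router in
    `filters`: a path is intercepted if it touches at least one filtering router."""
    adj_full = build_graph(edges)
    adj_cut = build_graph(edges, removed=set(filters))
    covered = 0.0
    for s in sources:
        d_full, s_full = bfs_paths(adj_full, s)
        d_cut, s_cut = bfs_paths(adj_cut, s)
        if victim not in d_full:
            continue
        if victim in d_cut and d_cut[victim] == d_full[victim]:
            covered += 1 - s_cut[victim] / s_full[victim]   # paths surviving the cut
        else:
            covered += 1.0                                  # every shortest path cut
    return covered / len(sources)


def rank_deployment_points(edges, sources, victim):
    """Routers ordered from most to least attack-path coverage (ties by name)."""
    cov = router_coverage(edges, sources, victim)
    return sorted(cov.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for router, share in rank_deployment_points(TOPOLOGY, ATTACK_SOURCES, VICTIM):
        print(f"{router}: intercepts {share:.0%} of attack paths")
    for filters in (["R1", "R2"], ["R3"], ["R1", "R4"]):
        print(f"defenses at {filters}: {set_coverage(TOPOLOGY, ATTACK_SOURCES, VICTIM, filters):.0%}")
```

On the toy topology the single best point is the victim's upstream router R5 (every path crosses it), but `set_coverage` shows the policy-relevant effect: two edge routers R1 and R2 together intercept everything, whereas R1 and R4 together reach only 75% because the A3 and A4 paths that go via R3 are untouched, so set coverage is not the sum of individual router scores. Replacing `TOPOLOGY` with a measured router graph and weighting paths by attack volume would turn this into the kind of deployment-location analysis the paragraph describes.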


Benefits of the proposed research include the following. First, the policy framework proposed in this research will help ISPs and subscribers to consider the benefits of providing DDOS defenses and to realize the tradeoffs in DDOS defenses. Second, results from this study will aid decision makers in setting security policy for computer networks. Third, since it is costly and unethical to conduct real-world experiments of DDOS attacks on a large network, this research provides a test bed to evaluate the costs imposed by various attack scenarios and defenses. Moreover, topological measures developed in this research could be useful for studies of other large-scale topologies. This will extend social network measures typically used on small person-to-person networks to large-scale computer networks. Finally, this research will provide a theoretical basis for evaluating DDOS defenses, building on interdisciplinary studies from the fields of computer science, information science, organizational theory and social network analysis.


References


CERT/CC (1996-2001). CERT Advisories: CA-1996-01, CA-1997-28, CA-1998-01, CA-1999-17. CERT Incident Notes: IN-1998-01, IN-2000-01, IN-2000-05, IN-2001-04. Pittsburgh, PA, CERT Coordination Center, Software Engineering Institute, Carnegie Mellon University. Available at http://www.cert.org.


CSI (2001). CSI/FBI Computer Crime and Security Survey. Computer Security Issues & Trends, VI.


GAO (2001). “Computer Security: Weaknesses Continue to Place Critical Federal Operations and Assets at Risk” and “Critical Infrastructure Protection: Significant Challenges in Developing National Capabilities”, United States General Accounting Office.


Howard, J. D. and T. A. Longstaff (1998). A Common Language for Computer Security Incidents, Sandia National Laboratories.


PCCIP (1997). Critical Foundations: Protecting America's Infrastructure, President's Commission on Critical Infrastructure Protection.


PDD63 (1998). Presidential Decision Directive 63, The White House.


[1] A computer security incident is a group of attacks that can be distinguished from other attacks because of the distinctiveness of the attackers, attack, objectives, sites, and timing. An attack is an event that occurs on a computer or network as part of a series of steps intended to result in something that is not authorized to happen (Howard and Longstaff, 1998).