“Detection and Prediction of Resource-Exhaustion Vulnerabilities”

From Navigators

(Difference between revisions)
Jump to: navigation, search
(NavsPubsFull5.xml import (201201141459, full reimport with new ids for legacy pubs avoiding collisions))
 
Line 1: Line 1:
{{Publication
{{Publication
-
|title=
+
|type=inproceedings
-
   
+
|title=Detection and Prediction of Resource-Exhaustion Vulnerabilities
-
 
+
|author=João Antunes, Nuno Ferreira Neves, Paulo Veríssimo
-
 
+
|Project=Project:AJECT
-
 
+
|month=nov
-
   
+
|year=2008
-
        Detection and Prediction of Resource-Exhaustion Vulnerabilities
+
|abstract=Systems connected to the Internet are highly susceptible to denial-of-service attacks that can compromise service availability, causing damage to customers and providers. Due to errors in the design or coding phases, particular client-server interactions can be made to consume much more resources than necessary easing the success of this kind of attack.
-
|author=
+
-
        João Antunes, Nuno Ferreira Neves, Paulo Veríssimo
+
-
|url=
+
-
        http://www.navigators.di.fc.ul.pt/archive/papers/antunes08.pdf
+
-
|abstract=
+
-
        Systems connected to the Internet are highly susceptible to denial-of-service attacks that can compromise service availability, causing damage to customers and providers. Due to errors in the design or coding phases, particular client-server interactions can be made to consume much more resources than necessary easing the success of this kind of attack.
+
To address this issue we propose a new methodology for the detection and identification of local resource-exhaustion vulnerabilities. The methodology also gives a prediction on the necessary effort to exploit a specific vulnerability, useful to support decisions regarding the configuration of a system, in order to sustain a certain attack magnitude.
To address this issue we propose a new methodology for the detection and identification of local resource-exhaustion vulnerabilities. The methodology also gives a prediction on the necessary effort to exploit a specific vulnerability, useful to support decisions regarding the configuration of a system, in order to sustain a certain attack magnitude.
The methodology was implemented in a tool called PREDATOR that is able to automatically generate malicious traffic  and to perform post-processing analysis to build accurate resource usage projections on a given target server.
The methodology was implemented in a tool called PREDATOR that is able to automatically generate malicious traffic  and to perform post-processing analysis to build accurate resource usage projections on a given target server.
The validity of the approach was demonstrated with several synthetic programs and well-known DNS servers.
The validity of the approach was demonstrated with several synthetic programs and well-known DNS servers.
-
|type=
+
|address=Seattle/Redmond, WA, USA
-
        incollection
+
|booktitle=Proceedings of the 19th IEEE International Symposium on Software Reliability Engineering
-
|booktitle=
+
|url=http://www.navigators.di.fc.ul.pt/archive/papers/antunes08.pdf
-
        Proceedings of the 19th IEEE International Symposium on Software Reliability Engineering
+
-
|month=
+
-
        nov
+
-
|year=
+
-
        2008
+
-
|Project=
+
-
        Project:AJECT
+
-
|ResearchLine=
+
-
        Fault And Intrusion Tolerance in Open Distributed Systems (FIT)
+
}}
}}

Latest revision as of 17:10, 14 January 2013

João Antunes, Nuno Ferreira Neves, Paulo Veríssimo

in Proceedings of the 19th IEEE International Symposium on Software Reliability Engineering, Seattle/Redmond, WA, USA, Nov. 2008.

Abstract: Systems connected to the Internet are highly susceptible to denial-of-service attacks that can compromise service availability, causing damage to customers and providers. Due to errors in the design or coding phases, particular client-server interactions can be made to consume much more resources than necessary easing the success of this kind of attack. To address this issue we propose a new methodology for the detection and identification of local resource-exhaustion vulnerabilities. The methodology also gives a prediction on the necessary effort to exploit a specific vulnerability, useful to support decisions regarding the configuration of a system, in order to sustain a certain attack magnitude. The methodology was implemented in a tool called PREDATOR that is able to automatically generate malicious traffic and to perform post-processing analysis to build accurate resource usage projections on a given target server. The validity of the approach was demonstrated with several synthetic programs and well-known DNS servers.

Download paper

Download Detection and Prediction of Resource-Exhaustion Vulnerabilities

Export citation

BibTeX

Project(s): Project:AJECT

Missing ResearchLine

Personal tools
Navigators toolbox