Last revision: 05/07/2005
Li-Chiou Chen
Proposal (NSF ITR 0218466): Project summary
Li-Chiou Chen (2003). “Computational Models for Defenses against Internet-based Attacks,” unpublished PhD dissertation, August 2003, Department of Engineering and Public Policy,
Abstract
Internet-based attacks have become an important concern for government and business as more systems rely on the Internet to exchange information. In particular, distributed denial of service (DDOS) attacks have become a prevalent way to compromise the availability of networks or information services. The economic incentives of Internet Service Providers (ISPs) to provide DDOS defenses, and the public policy concerns around deploying these defenses, have not previously been formally investigated.
Security services such as Virtual Private Networks have been offered by ISPs as optional network services to protect the confidentiality of data in transit. In the same way, ISPs can provide DDOS defenses that ensure the availability of their subscribers’ online services. This dissertation proposes that ISPs provide DDOS defenses on their networks as security services to their subscribers, and studies both the service models for providing these defenses and the public policies needed to facilitate their provision. The focus is on DDOS defenses that actively filter out ongoing attack traffic.
This dissertation analyzes how the side effects of defenses influence the provision of the defenses and investigates the economic incentives for the service provision. The contributions of this dissertation are as follows. First, this dissertation categorizes the current defenses that actively respond to DDOS attacks at network routers; the characterization is based on attack detection algorithms and attack responses.
Second, the service provision model is analyzed based on the performance efficiency of DDOS defenses under various network topologies and various settings of the technology. When providing defenses that are congestion-based and dynamically enforced, ISPs should design services that focus on adjusting the filtering rate of the attack traffic to meet the needs of different subscribers. When providing defenses that are anomaly-based and statically enforced, ISPs should design services that focus on the false positive rate of attack detection. Third, the economic incentives for ISPs to offer defense services are analyzed based on empirical data. To operate DDOS defense services cost-effectively, ISPs should set the filter location closer to the attack sources and price subscribers based on their willingness to pay. Finally, cooperation among multiple ISPs in providing the defenses is analyzed. To improve the quality of the defenses when attacks are distributed, ISPs should cooperate with other highly influential ISPs.
Public policies should encourage source filtering and provide incentives for highly influential ISPs to deploy DDOS defenses.
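The three design points the abstract draws out (a congestion-based filter is tuned by its filtering rate, an anomaly-based filter is judged by its false positive rate, and a rate filter destroys less legitimate traffic when it sits near the attack sources) can be seen in a small toy model. The Python below is an added illustration written for this page; it is not code or the simulation model from the dissertation. Its four-edge topology, traffic rates, victim capacity, detection rate and false positive rate are constructed sample values, and giving each edge router an equal share of the victim's capacity is an assumption of this example.

```python
"""Toy model of DDOS filter placement and filtering-rate trade-offs.

Constructed for illustration; it is NOT the dissertation's simulation model.
Topology, traffic rates and detection rates below are made-up sample values.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Edge:
    """Traffic entering one edge router, in arbitrary units per second."""
    legit: float   # legitimate subscriber-bound traffic
    attack: float  # attack traffic from sources behind this router


# Constructed sample: four edge networks feed one victim; attackers sit behind two of them.
SAMPLE_EDGES: List[Edge] = [
    Edge(legit=10.0, attack=100.0),
    Edge(legit=10.0, attack=0.0),
    Edge(legit=10.0, attack=100.0),
    Edge(legit=10.0, attack=0.0),
]
VICTIM_CAPACITY = 60.0  # what the victim's link can absorb (constructed)


def rate_filter(offered: float, cap: float) -> float:
    """Congestion-based, dynamically enforced filter: the fraction of offered
    traffic let through so the aggregate fits under `cap`. It cannot tell
    attack from legitimate packets, so both are cut by the same factor."""
    return 1.0 if offered <= cap else cap / offered


def filter_at_victim(edges: List[Edge], capacity: float) -> Tuple[float, float]:
    """Single rate filter at the router in front of the victim.
    Returns the (legitimate, attack) traffic that survives."""
    legit = sum(e.legit for e in edges)
    attack = sum(e.attack for e in edges)
    keep = rate_filter(legit + attack, capacity)
    return legit * keep, attack * keep


def filter_at_sources(edges: List[Edge], capacity: float) -> Tuple[float, float]:
    """Same rate filter pushed out to every edge router, each allotted an equal
    share of the victim's capacity (an assumption of this example). Edges that
    carry no attack traffic stay under their share and are left untouched,
    which is why source-side filtering spares more legitimate traffic."""
    share = capacity / len(edges)
    legit_out = attack_out = 0.0
    for e in edges:
        keep = rate_filter(e.legit + e.attack, share)
        legit_out += e.legit * keep
        attack_out += e.attack * keep
    return legit_out, attack_out


def anomaly_filter(edges: List[Edge], detection_rate: float,
                   false_positive_rate: float) -> Tuple[float, float]:
    """Anomaly-based, statically enforced filter: flows flagged by the detector
    are dropped outright. Legitimate loss is fixed by the false positive rate
    regardless of load, so that rate is what a subscriber needs to know."""
    legit = sum(e.legit for e in edges)
    attack = sum(e.attack for e in edges)
    return legit * (1.0 - false_positive_rate), attack * (1.0 - detection_rate)


def legit_loss_fraction(edges: List[Edge], survived_legit: float) -> float:
    """Share of legitimate traffic that the defense itself discarded."""
    total = sum(e.legit for e in edges)
    return 1.0 - survived_legit / total


if __name__ == "__main__":
    for name, (l, a) in [
        ("rate filter at victim", filter_at_victim(SAMPLE_EDGES, VICTIM_CAPACITY)),
        ("rate filter at sources", filter_at_sources(SAMPLE_EDGES, VICTIM_CAPACITY)),
        ("anomaly filter (90% detect, 5% FP)", anomaly_filter(SAMPLE_EDGES, 0.9, 0.05)),
    ]:
        print(f"{name:36s} legit {l:6.2f}  attack {a:6.2f}  "
              f"legit loss {legit_loss_fraction(SAMPLE_EDGES, l):.0%}")
```

With these sample numbers the single filter at the victim keeps only a quarter of every flow (75% of legitimate traffic lost), while the same filter at the edges leaves the two attack-free edges alone and loses about 43%; the anomaly filter's legitimate loss is simply its 5% false positive rate, whatever the attack volume, which is why a static anomaly-based service is specified by that rate rather than by a filtering rate.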
Acknowledgement
This work is supported in part by the National Science Foundation ITR 0218466, the National Science Foundation IGERT 9354995 and the Pennsylvania Infrastructure Technology Alliance, a partnership of Carnegie Mellon,
Committee Members
Prof. Kathleen Carley (chair), CS/EPP/CASOS
Prof. Benoit Morel, Engineering and Public Policy
Prof. David Krackhardt, Heinz School of Public Policy and Management
Dr. Thomas Longstaff, Software Engineering Institute