Quantifying Network Denial of Service: A Location Service Case Study
Yan Chen and Adam Bargteil and Randy H. Katz and John Kubiatowicz
EECS Department, University of California, Berkeley
Technical Report No. UCB/CSD-01-1150
, 2001
http://www2.eecs.berkeley.edu/Pubs/TechRpts/2001/CSD-01-1150.pdf
Network Denial of Service (DoS) attacks are increasing in frequency, severity and sophistication. Most previous work has focused on network DoS attacks that take advantage of a protocol to launch the attack. We take the broader view that DoS attack is any malicious action which reduces the availability of some resource to some users. Meanwhile, it is highly desirable to be able to measure quantitatively and verify claims pertaining to the security of IT systems and services. As the first attempt to quantify the resilience of a system to broad classes of network DoS attacks, we propose a novel benchmarking methodology and apply it to study the effect of a variety of attacks on directory services in a network setting. Preliminary simulations show the rough ranking of network DoS resilience among centralized directory services, replicated directory services and the newly-emerged distributed directory services, such as Tapestry. Finally, we discuss some potential approaches towards DoS resilience based on our experiments.
BibTeX citation:
@techreport{Chen:CSD-01-1150, Author= {Chen, Yan and Bargteil, Adam and Katz, Randy H. and Kubiatowicz, John}, Title= {Quantifying Network Denial of Service: A Location Service Case Study}, Year= {2001}, Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2001/5262.html}, Number= {UCB/CSD-01-1150}, Abstract= {Network Denial of Service (DoS) attacks are increasing in frequency, severity and sophistication. Most previous work has focused on network DoS attacks that take advantage of a protocol to launch the attack. We take the broader view that DoS attack is any malicious action which reduces the availability of some resource to some users. Meanwhile, it is highly desirable to be able to measure quantitatively and verify claims pertaining to the security of IT systems and services. As the first attempt to quantify the resilience of a system to broad classes of network DoS attacks, we propose a novel benchmarking methodology and apply it to study the effect of a variety of attacks on directory services in a network setting. Preliminary simulations show the rough ranking of network DoS resilience among centralized directory services, replicated directory services and the newly-emerged distributed directory services, such as Tapestry. Finally, we discuss some potential approaches towards DoS resilience based on our experiments.}, }
EndNote citation:
%0 Report %A Chen, Yan %A Bargteil, Adam %A Katz, Randy H. %A Kubiatowicz, John %T Quantifying Network Denial of Service: A Location Service Case Study %I EECS Department, University of California, Berkeley %D 2001 %@ UCB/CSD-01-1150 %U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2001/5262.html %F Chen:CSD-01-1150