Results 11 - 20
of
355
Exploiting open functionality in sms-capable cellular networks
- In Proceedings of the ACM Conference on Computer and Communication Security (CCS
, 2005
"... Cellular networks are a critical component of the economic and social infrastructures in which we live. In addition to voice services, these networks deliver alphanumeric text messages to the vast majority of wireless subscribers. To encourage the expansion of this new service, telecommunications co ..."
Abstract
-
Cited by 97 (12 self)
- Add to MetaCart
(Show Context)
Cellular networks are a critical component of the economic and social infrastructures in which we live. In addition to voice services, these networks deliver alphanumeric text messages to the vast majority of wireless subscribers. To encourage the expansion of this new service, telecommunications companies offer connections between their networks and the Internet. The ramifications of such connections, however, have not been fully recognized. In this paper, we evaluate the security impact of the SMS interface on the availability of the cellular phone network. Specifically, we demonstrate the ability to deny voice service to cities the size of Washington D.C. and Manhattan with little more than a cable modem. Moreover, attacks targeting the entire United States are feasible with resources available to medium-sized zombie networks. This analysis begins with an exploration of the structure of cellular networks. We then characterize network behavior and explore a number of reconnaissance techniques aimed at effectively targeting attacks on these systems. We conclude by discussing countermeasures that mitigate or eliminate the threats introduced by these attacks.
DDoS attacks and defense mechanisms: classification and state-of-the-art
, 2004
"... Denial of Service (DoS) attacks constitute one of the major threats and among the hardest security problems in todayÕs Internet. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can eas ..."
Abstract
-
Cited by 88 (3 self)
- Add to MetaCart
Denial of Service (DoS) attacks constitute one of the major threats and among the hardest security problems in todayÕs Internet. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. Because of the seriousness of the problem many defense mechanisms have been proposed to combat these attacks. This paper presents a structural approach to the DDoS problem by developing a classification of DDoS attacks and DDoS defense mechanisms. Furthermore, important features of each attack and defense system category are described and advantages and disadvantages of each proposed scheme are outlined. The goal of the paper is to place some order into the existing attack and defense mechanisms, so that a better understanding of DDoS attacks can be achieved and subsequently more efficient and effective algorithms, techniques and procedures to combat these attacks may be developed.
Protection from Distributed Denial of Service Attack Using History-based IP Filtering
, 2003
"... In this paper, we introduce a practical scheme to defend against Distributed Denial of Service (DDoS) attacks based on IP source address filtering. The edge router keeps a history of all the legitimate IP addresses which have previously appeared in the network. When the edge router is overloaded, th ..."
Abstract
-
Cited by 76 (2 self)
- Add to MetaCart
(Show Context)
In this paper, we introduce a practical scheme to defend against Distributed Denial of Service (DDoS) attacks based on IP source address filtering. The edge router keeps a history of all the legitimate IP addresses which have previously appeared in the network. When the edge router is overloaded, this history is used to decide whether to admit an incoming IP packet. Unlike other proposals to defend against DDoS attacks, our scheme works well during highly-distributed DDoS attacks, i.e., from a large number of sources. We present several heuristic methods to make the IP address database accurate and robust, and we present experimental results that demonstrate the effectiveness of our scheme in defending against highly-distributed DDoS attacks.
Change-Point Monitoring for Detection of DoS Attacks
- IEEE Transactions on Dependable and Secure Computing
, 2004
"... This paper presents a simple and robust mechanism, called Change-Point Monitoring (CPM), to detect denial of service (DoS) attacks. The core of CPM is based on the inherent network protocol behaviors, and is an instance of the Sequential Change Point Detection. To make the detection mechanism insens ..."
Abstract
-
Cited by 76 (0 self)
- Add to MetaCart
(Show Context)
This paper presents a simple and robust mechanism, called Change-Point Monitoring (CPM), to detect denial of service (DoS) attacks. The core of CPM is based on the inherent network protocol behaviors, and is an instance of the Sequential Change Point Detection. To make the detection mechanism insensitive to sites and traffic patterns, a non-parametric Cumulative Sum (CUSUM) method is applied, thus making the detection mechanism robust, more generally applicable and its deployment much easier. CPM does not require per-flow state information and only introduces a few variables to record the protocol behaviors. The statelessness and low computation overhead of CPM make itself immune to any flooding attacks. As a case study, the efficacy of CPM is evaluated by detecting a SYN flooding attack — the most common DoS attack. The evaluation results show that CPM has short detection latency and high detection accuracy.
SOS: An Architecture For Mitigating DDoS Attacks
- IEEE Journal on Selected Areas of Communications (JSAC
, 2004
"... Abstract—We propose an architecture called secure overlay services (SOS) that proactively prevents denial of service (DoS) attacks, geared toward supporting emergency services, or similar types of communication. The architecture uses a combination of secure overlay tunneling, routing via consistent ..."
Abstract
-
Cited by 66 (6 self)
- Add to MetaCart
(Show Context)
Abstract—We propose an architecture called secure overlay services (SOS) that proactively prevents denial of service (DoS) attacks, geared toward supporting emergency services, or similar types of communication. The architecture uses a combination of secure overlay tunneling, routing via consistent hashing, and filtering. We reduce the probability of successful attacks by: 1) performing intensive filtering near protected network edges, pushing the attack point perimeter into the core of the network, where high-speed routers can handle the volume of attack traffic and 2) introducing randomness and anonymity into the forwarding architecture, making it difficult for an attacker to target nodes along the path to a specific SOS-protected destination. Using simple analytical models, we evaluate the likelihood that an attacker can successfully launch a DoS attack against an SOSprotected network. Our analysis demonstrates that such an architecture reduces the likelihood of a successful attack to minuscule levels. Our performance measurements using a prototype implementation indicate an increase in end-to-end latency by a factor of two for the general case, and an average heal time of less than 10 s. Index Terms—Access control, denial of service (DoS) attacks, overlay networks, packet filtering, peer-to-peer (P2P) networks. I.
COSSACK: Coordinated Suppression of Simultaneous Attacks
- In Proceedings of DISCEX III
, 2003
"... DDoS attacks are highly distributed, well coordinated, offensive assaults on services, hosts, and infrastructure of the Internet. Effective defensive countermeasures to DDoS attacks will require equally sophisticated, well coordinated, monitoring, analysis, and response. The Cossack project is devel ..."
Abstract
-
Cited by 66 (8 self)
- Add to MetaCart
(Show Context)
DDoS attacks are highly distributed, well coordinated, offensive assaults on services, hosts, and infrastructure of the Internet. Effective defensive countermeasures to DDoS attacks will require equally sophisticated, well coordinated, monitoring, analysis, and response. The Cossack project is developing an architecture to explore such coordination using multicast, annotated topology information, and novel
Using Graphic Turing Tests to Counter Automated DDoS Attacks against Web Servers
- In: Proceedings of the 10th ACM International Conference on Computer and Communications Security (CCS
, 2003
"... We present WebSOS, a novel overlay-based architecture that provides guaranteed access to a web server that is targeted by a denial of service (DoS) attack. Our approach exploits two key characteristics of the web environment: its design around a human-centric interface, and the extensibility inheren ..."
Abstract
-
Cited by 63 (10 self)
- Add to MetaCart
(Show Context)
We present WebSOS, a novel overlay-based architecture that provides guaranteed access to a web server that is targeted by a denial of service (DoS) attack. Our approach exploits two key characteristics of the web environment: its design around a human-centric interface, and the extensibility inherent in many browsers through downloadable "applets." We guarantee access to a web server for a large number of previously unknown users, without requiring preexisting trust relationships between users and the system.
Incentive-based modeling and inference of attacker intent, objectives, and strategies
- in Proc. of the 10th ACM Computer and Communications Security Conference (CCS’03
, 2003
"... Although the ability to model and infer Attacker Intent, Objectives and Strategies (AIOS) may dramatically advance the literature of risk assessment, harm prediction, and predictive or proactive cyber defense, existing AIOS inference techniques are ad hoc and system or application specific. In this ..."
Abstract
-
Cited by 62 (0 self)
- Add to MetaCart
(Show Context)
Although the ability to model and infer Attacker Intent, Objectives and Strategies (AIOS) may dramatically advance the literature of risk assessment, harm prediction, and predictive or proactive cyber defense, existing AIOS inference techniques are ad hoc and system or application specific. In this paper, we present a general incentive-based method to model AIOS and a game theoretic approach to infer AIOS. On one hand, we found that the concept of incentives can unify a large variety of attacker intents; the concept of utilities can integrate incentives and costs in such a way that attacker objectives can be practically modeled. On the other hand, we developed a game theoretic AIOS formalization which can capture the inherent inter-dependency between AIOS and defender objectives and strategies in such a way that AIOS can be automatically inferred. Finally, we use a specific case study to show how AIOS can be inferred in real world attack-defense scenarios.
On Cellular Botnets: Measuring the Impact of Malicious Devices on a Cellular Network Core
- In Proc. 16th Conference on Computer and Communications Security
, 2009
"... The vast expansion of interconnectivity with the Internet and the rapid evolution of highly-capable but largely insecure mobile devices threatens cellular networks. In this paper, we characterize the impact of the large scale compromise and coordination of mobile phones in attacks against the core o ..."
Abstract
-
Cited by 59 (5 self)
- Add to MetaCart
(Show Context)
The vast expansion of interconnectivity with the Internet and the rapid evolution of highly-capable but largely insecure mobile devices threatens cellular networks. In this paper, we characterize the impact of the large scale compromise and coordination of mobile phones in attacks against the core of these networks. Through a combination of measurement, simulation and analysis, we demonstrate the ability of a botnet composed of as few as 11,750 compromised mobile phones to degrade service to area-code sized regions by 93%. As such attacks are accomplished through the execution of network service requests and not a constant stream of phone calls, users are unlikely to be aware of their occurrence. We then investigate a number of significant network bottlenecks, their impact on the density of compromised nodes per base station and how they can be avoided. We conclude by discussing a number of countermeasures that may help to partially mitigate the threats posed by such attacks. 1.
