Boston University | Center for Computational Science
HomeNews and EventsResearchEducationPeopleSeminarsFacilitiesContact Us

Exploiting the Transients of Adaptation

Azer Bestavros
Computer Science Department
Boston University
February 11, 2005
Over the past few years, Denial of Service (DoS) attacks have emerged as a serious vulnerability for almost every Internet service. An adversary bent on limiting access to a network resource could simply marshal enough client machines to bring down an Internet service by subjecting it to sustained levels of demand that far exceed its capacity, making that service incapable of adequately responding to legitimate requests. In this talk I will expose a different, but potentially more malignant adversarial attack that exploits the transients of a system’s adaptive behavior, as opposed to its limited steady-state capacity. In particular, I will show that a determined adversary could bleed an adaptive system’s capacity or significantly reduce it’s service quality by subjecting it to an unsuspicious, low-intensity (but well orchestrated and timed) request stream that causes the system to become very inefficient, or unstable. I will give examples of such “Reduction of Quality” (RoQ) attacks on a number of common adaptive components in modern computing and networking systems. RoQ attacks stand in sharp contrast to traditional brute-force, sustained high-rate DoS attacks, as well as recently proposed attacks that exploit specific protocol settings. I will present numerical and simulation results, which are validated with observations from real Internet experiments.
This work was done in collaboration with Mina Guirguis and Ibrahim Matta.

copyright © 2006, Center for Computational Science | Boston University , MA, 02215