TECHNOLOGY FOR CHANGE

Denying Harm: New Defense Method Deflects DoS Collateral Damage

Stan Gibson | Date: 10-02-09 | Comments

• 41
• PrintPDF
• Filed Under: Technology For Change




• Unlike most defense schemes, IPACF allows systems to keep working even while under attack.

• Researchers at Auburn University claim to have come up with a better way to fend off denial-of-service attacks, one that lets systems continue working normally even while under attack.  

  DoS attacks launch extremely large numbers of attempts to connect with target systems, overwhelming them and making them unavailable to their intended users. A distributed DoS attack recruits a network of “zombie” computers to carry out the attack. In addition to shutting down a target system, a DoS attack can be used to exploit the target system's response to the attack to break system firewalls, and access virtual private networks and other private resources.

   “Currently, most of the algorithms to prevent DoS allow collateral damage. When they stop the attack, they also stop the service for regular users. Our algorithm does not allow collateral damage, and you can trace back to the source of the attack,” said John Wu, professor of electrical and computer engineering at Auburn, in Auburn, Ala.  

  The new defense scheme, called Identity-Based Privacy-Protected Access Control Filter (IPACF), works by blocking threats to a network’s gatekeeping computers, called authentication servers, permitting legitimate users with valid passwords access to resources.

  According to Wu, normal average latency for a system is 113 milliseconds. Using IPACF, that latency increases to only 145 milliseconds when a system is under attack, which is not enough of a difference to be detected by a human user. Similarly, the normal CPU load for a system is 10.21 percent; under attack and equipped with IPACF, the load increases only to 11.78 percent.

  The work has been carried out by Wu, Tong Liu, Andy Huang and David Irwin of Auburn. The four have authored a paper, "Modelling and simulations for Identity-Based Privacy-Protected Access Control Filter (IPACF) capability to resist massive denial of service attacks," in Int. J. Information and Computer Security, 2009, 3, 195-223.

IBM Resources

• End to End Virtualization: A holistic approach for a dynamic environment.
• Business Analytics and Optimization Jumpstart: Embedding analytics to transform insights into action
• Cloud computing insights from 110 implementation projects
• Capturing the Potential of Cloud
• Analytics - the new path to value
• Social Business: Advent of a new age
• Becoming a Social Business: The IBM Story
• Meeting the Demands of the Smarter Consumer
• Business agility powers innovation, transformation and growth
• Inside the Midmarket - A 2011 Perspective
• Building a strong enterprise cloud foundation is critical to manage growth for SaaS providers
• Blue Cross Blue Shield of South Carolina: A Model of IT Efficiency
• A Simple Idea that Changed the World

Most Read

• Why Smart Companies Should Adopt the Lessons of Gaming
• Top Five Cloud Trends for 2012
• New Tool Analyzes Data Without Bias
• Real-Time Analytics Takes a Bite Out of Crime
• Hadoop Takes a Giant Step Toward the Enterprise
• Universities Worldwide to Introduce Analytics Education
• Chattanooga Builds a Smart City
• Software Development Gets Agile
• Brain Microchip Faster Than Humans

Trending

• Rolls-Royce, ASU Partnership to Combat Billions in Health Insurance Fraud
• Video Analytics Boosts Business Intelligence
• Technology Transforming IT in 2012
• Print/TV Ads Retread for Social Media
• Las Vegas PD to Get Crime Analytics
• Is Voice Microblogging the Next Social Media Trend?
• Cyber Monday Sees Massive Growth
• How to Improve Crowd-Sourced Information
• App Tracks New Year's Resolutions Progress

RELATED CONTENT

• Game Theory Improves Detection of Security Breaches
• Emerging Cyber-threats Predicted for 2011
• 2012: New Y2K, Dark Ages 2.0, Global Reboot or Mayans` Last Laugh?
• Cyber-Threats Spike, but IT Lagging
• HIV Treats Serious Brain Disease
• Smarter Cities Simulating Japan-Sized Tsunamis
• Cancer Treatment Advances with Nanotech

Videos

TWITTER FEED

• about 13 hours agoDid you know we have an #IBMcloud Facebook page? It's true! Like us: http://t.co/M8zpLAsu
  
• about 13 hours agoThx for the RTs! @sengork @krock_tx @kiril_kirov @MTCurrieIBM @mirv_pgh @ibmsaas @ESRVCI @AMonsef82 @jopemoro @RiaHyman @thinkovation
  
• about 14 hours agoFrom earlier: Maximize the value of Salesforce.com via IBM Cast Iron bit.ly/A7xldu #cloud #SaaS #CRM #thoughtsoncloud
  
• about 15 hours agoValuable post by @bnhall RT @theRab: 2012: The Year of Hybrid #Cloud? http://t.co/oaOQSsPS
  
• about 17 hours agoNow avail! Access data from virtually anywhere w/ IBM #SmartCloud Enterprise Object Storage ibm.co/yoQqr2 (scroll down for deets) #ibmcloud
  
• about 18 hours agoGreat post by @RealTimeCloud about the benefits of hybrid #cloud, inspired by Jan. #cloudchat http://t.co/xB5Jr089
  
• about 19 hours agoFresh post: Maximize the value of Salesforce.com via IBM Cast Iron http://t.co/eljpH06N #cloud #SaaS #CRM #thoughtsoncloud
  
• about 21 hours agoGreat news: Object Storage on IBM #SmartCloud Enterprise is now available! http://t.co/cycw2Cdk (scroll down for details) #ibmcloud
  
• about 21 hours agoBookmark-worthy! 13 Best Practices for IBM #SmartCloud Enterprise by expert @ITDoVe http://t.co/zv48n8re #ibmcloud #publiccloud
  
• Feb 1st 2:10 PMFresh post: Interview with portal lead cloud developer Paul Kelsey http://t.co/WhtJgtz2 #ibmcloud (Via @FangFeng88)
  
< PrevNext >

JOIN US

Like us on Facebook Follow us on Twitter Get the Smarter Tech Newsletter Register for the "Data Center Optimization Techniques: Stop Wasting Time & Money" eSeminar on Thursday February 16 at 10:00 a.m. Pacific / 1:00 p.m. Eastern.Register Now >

Connect with the The Future of IT Architecture blog