Visible to the public Biblio

Filters: Author is Fleck, D.  [Clear All Filters]
2019-09-09
Kesidis, G., Shan, Y., Fleck, D., Stavrou, A., Konstantopoulos, T..  2018.  An adversarial coupon-collector model of asynchronous moving-target defense against botnet reconnaissance*. 2018 13th International Conference on Malicious and Unwanted Software (MALWARE). :61–67.

We consider a moving-target defense of a proxied multiserver tenant of the cloud where the proxies dynamically change to defeat reconnaissance activity by a botnet planning a DDoS attack targeting the tenant. Unlike the system of [4] where all proxies change simultaneously at a fixed rate, we consider a more “responsive” system where the proxies may change more rapidly and selectively based on the current session request intensity, which is expected to be abnormally large during active reconnaissance. In this paper, we study a tractable “adversarial” coupon-collector model wherein proxies change after a random period of time from the latest request, i.e., asynchronously. In addition to determining the stationary mean number of proxies discovered by the attacker, we study the age of a proxy (coupon type) when it has been identified (requested) by the botnet. This gives us the rate at which proxies change (cost to the defender) when the nominal client request load is relatively negligible.

2015-05-05
Quan Jia, Huangxin Wang, Fleck, D., Fei Li, Stavrou, A., Powell, W..  2014.  Catch Me If You Can: A Cloud-Enabled DDoS Defense. Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on. :264-275.

We introduce a cloud-enabled defense mechanism for Internet services against network and computational Distributed Denial-of-Service (DDoS) attacks. Our approach performs selective server replication and intelligent client re-assignment, turning victim servers into moving targets for attack isolation. We introduce a novel system architecture that leverages a "shuffling" mechanism to compute the optimal re-assignment strategy for clients on attacked servers, effectively separating benign clients from even sophisticated adversaries that persistently follow the moving targets. We introduce a family of algorithms to optimize the runtime client-to-server re-assignment plans and minimize the number of shuffles to achieve attack mitigation. The proposed shuffling-based moving target mechanism enables effective attack containment using fewer resources than attack dilution strategies using pure server expansion. Our simulations and proof-of-concept prototype using Amazon EC2 [1] demonstrate that we can successfully mitigate large-scale DDoS attacks in a small number of shuffles, each of which incurs a few seconds of user-perceived latency.