
Showing papers by "Richard R. Brooks" published in 2006


Journal Article
TL;DR: Although each detector shows promise in limited testing, none completely solve the detection problem, and combining various approaches with experienced network operators most likely produces the best results.
Abstract: Denial-of-service (DoS) detection techniques - such as activity profiling, change-point detection, and wavelet-based signal analysis - face the considerable challenge of discriminating network-based flooding attacks from sudden increases in legitimate activity or flash events. This survey of techniques and testing results provides insight into our ability to successfully identify DoS flooding attacks. Although each detector shows promise in limited testing, none completely solve the detection problem. Combining various approaches with experienced network operators most likely produces the best results.

421 citations


Journal Article
TL;DR: This research shows how adversary nodes can exploit clustering algorithms to ensure their selection as cluster heads for the purpose of launching attacks that prevent victim nodes from sleeping, and finds that the hash-based scheme is the best at mitigating the sleep deprivation attack.
Abstract: The ability of sensor nodes to enter a low power sleep mode is very useful for extending network longevity. We show how adversary nodes can exploit clustering algorithms to ensure their selection as cluster heads for the purpose of launching attacks that prevent victim nodes from sleeping. We present two such attacks: the barrage attack and the sleep deprivation attack. The barrage attack bombards victim nodes with legitimate requests, whereas the sleep deprivation attack makes requests of victim nodes only as often as is necessary to keep the victims awake. We show that while the barrage attack causes its victims to spend slightly more energy, it is more easily detected and requires more effort on behalf of the attacker. Thus, we have focused our research on the sleep deprivation attack. Our analysis indicates that this attack can nullify any energy savings obtained by allowing sensor nodes to enter sleep mode. We also analyze three separate methods for mitigating this attack: the random vote scheme, the...

111 citations


Journal Article
01 Feb 2006
TL;DR: This paper argues, using recent results from random graph theory, that for scaling factors between 0 and ~3.4875, any computer worm infection of a scale-free network will become an epidemic.
Abstract: This paper considers the spread of worms in computer networks using insights from epidemiology and percolation theory. We provide three new results. The first result refines previous work showing that epidemics occur in scale-free graphs more easily because of their structure. We argue, using recent results from random graph theory, that for scaling factors between 0 and ~3.4875, any computer worm infection of a scale-free network will become an epidemic. Our second result uses this insight to provide a mathematical explanation for the empirical results of Chen and Carley, who demonstrate that the Countermeasure Competing strategy can be more effective for immunizing networks to viruses or worms than traditional approaches. Our third result uses random graph theory to contradict the current supposition that, for very large networks, monocultures are necessarily more susceptible than diverse networks to worm infections.

57 citations


Journal Article
TL;DR: An approach that identifies change points in the time series of network packet arrival rates characteristic of botnet attacks is presented and evaluated using operational data, which proves the effectiveness of the approach.

37 citations


Proceedings Article
10 Jul 2006
TL;DR: This paper describes how pedigree is used to support and enhance situation and threat assessment, and identifies areas that need improvement in situation assessment and threat assessment, such as interoperability, automation, pedigree management, system usability, reliability, and uncertainty.
Abstract: This paper describes how pedigree is used to support and enhance situation and threat assessment. It is based on the findings of the technology group of the Data Fusion Levels Two and Three Workshop sponsored by the Office of Naval Research held in Arlington, VA from 15-18 Nov. 2005. It identifies areas that need improvement in situation assessment and threat assessment, such as interoperability, automation, pedigree management, system usability, reliability, and uncertainty. The concept of pedigree must include "standard" metadata, lineage, plus a computational model of the quality of the information. The system must automatically propagate changes and update to derived products when source information or source-pedigree information changes. Several other processes must be automated: generate pedigree, identify and auto fill gaps, fuse pedigree, update pedigree, display of information quality and confidence. The paper concludes with suggestions for future research and development.

25 citations


Book Chapter
05 Jun 2006
TL;DR: It is demonstrated that, for certain classes of applications, it is possible to use an optimizing compiler to automatically transform code structure and data layout so that an application can safely be executed on an untrusted remote host without being reverse engineered.
Abstract: Proliferation of distributed computing platforms, in both small and large scales, and mobile applications makes it important to protect remote hosts (servers) from mobile applications and mobile applications from remote hosts. This paper proposes and evaluates a solution to the latter problem for applications based on linear computations that involve scalar as well as array arithmetic. We demonstrate that, for certain classes of applications, it is possible to use an optimizing compiler to automatically transform code structure and data layout so that an application can safely be executed on an untrusted remote host without being reverse engineered.

2 citations