DIMACS Workshop on Large-scale Internet Attacks
September 23-24, 2003
DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ
Organizers:
- Vern Paxson, ICSI Center for Internet Research, vern@icir.org
- Steve Bellovin, AT&T Labs - Research, smb@research.att.com
- Stuart Staniford, Silicon Defense
- Stefan Savage, UC San Diego, savage@cs.ucsd.edu
Presented under the auspices of the Special Focus on Communication Security and Information Privacy.
As the Internet has grown greatly in size, new forms of attacks that leverage the network's increasing
scale have gained prominence. At the same time, the network's scale also often increases the difficulty of
countering attacks, making it more difficult to trace back attackers or deploy widespread defensive measures.
This workshop aims to assess the lay of the land in terms of large-scale Internet attacks and then to look for
principles common to the problem domain. The focus will be on four general types of large-scale attacks:
- (1) Distributed Denial of Service (DDOS), in which collections of hundreds or thousands of compromised
machines are coordinated to simultaneously send floods of bogus traffic towards a target, completely overwhelming
the target's resources, or those of the target's network;
- (2) Self-propagating Malicious Code, or Worms, which have in recent years compromised hundreds of thousands
of Internet hosts in a matter of hours (with recent work arguing that future worms will likely be even more
rapid, and/or much harder to detect);
- (3) Infrastructure Attacks, which attempt to subvert the key components of the Internet's underlying
infrastructure (domain name system, routing);
- (4) Attacks on Large-scale Services, which take advantage of the fact that the Internet's growth has seen
the rise of some very large, publicly accessible services (such as portals, search engines, and auctions),
which gain their utility by their very scale, but generally do so by making access to the service extremely
cheap and thus open to a new class of sophisticated, highly automated attacks.
This workshop will explore potential countermeasures against these kinds of attacks. Taking
DDOS as a case in point, there are special challenges for coordination across autonomous systems. We will
explore mechanisms for IP traceback, such as the use of hash-based techniques that generate audit trails
for traffic within the network, and pushback, through which a router can ask upstream routers to control an
attack. We will explore defenses against reflector attacks, in which attackers bounce their flooding traffic
off of "reflectors"; that is, by spoofing requests from the victim to a large set of Internet servers that will in
turn send their combined replies to the victim. These are just a few examples of topics to be considered.
Document last modified on July 8, 2003.