DIMACS Workshop on Large-scale Internet Attacks

September 23-24, 2003
DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ

Vern Paxson, ICSI Center for Internet Research, vern@icir.org
Steve Bellovin, AT&T Labs - Research, smb@research.att.com
Stuart Staniford, Silicon Defense
Stefan Savage, UC San Diego, savage@cs.ucsd.edu
Presented under the auspices of the Special Focus on Communication Security and Information Privacy.

As the Internet has grown greatly in size, new forms of attacks that leverage the network's increasing scale have gained prominence. At the same time, the network's scale also often increases the difficulty of countering attacks, making it more difficult to trace back attackers or deploy widespread defensive measures. This workshop aims to assess the lay of the land in terms of large-scale Internet attacks and then to look for principles common to the problem domain. The focus will be on four general types of large-scale attacks:

(1) Distributed Denial of Service (DDOS), in which collections of hundreds or thousands of compromised machines are coordinated to simultaneously send floods of bogus traffic towards a target, completely overwhelming the target's resources, or those of the target's network;

(2) Self-propagating Malicious Code, or Worms, which have in recent years compromised hundreds of thousands of Internet hosts in a matter of hours (with recent work arguing that future worms will likely be even more rapid, and/or much harder to detect);

(3) Infrastructure Attacks, which attempt to subvert the key components of the Internet's underlying infrastructure (domain name system, routing);

(4) Attacks on Large-scale Services, which take advantage of the fact that the Internet's growth has seen the rise of some very large, publicly accessible services (such as portals, search engines, and auctions), which gain their utility by their very scale, but generally do so by making access to the service extremely cheap and thus open to a new class of sophisticated, highly automated attacks.

This workshop will explore potential countermeasures against these kinds of attacks. For DDOS as a case in point, there are special challenges for coordination across autonomous systems. We will explore mechanisms for IP traceback, such as the use of hash-based techniques that generate audit trails for traffic within the network, and pushback, through which a router can ask upstream routers to control an attack. We will explore defenses against reflector attacks, in which attackers bounce their flooding traffic off of "reflectors"; that is, by spoofing requests from the victim to a large set of Internet servers that will in turn send their combined replies to the victim. These are just a few examples of topics to be considered.

Document last modified on July 8, 2003.