Abstract
This paper focuses on one of the most harmful categories of Denial of Service attacks, commonly known in the literature as “stealth” attacks. Rather than sending significant volumes of data, these attacks inject a low-rate flow of packets into the network in order to evade rate-controlling detection mechanisms. This work presents an intrusion tolerance solution that aims to provide a minimal level of service even when the system has been partially compromised by such attacks. It describes all protection phases, from monitoring to diagnosis and recovery. Preliminary experimental results show that the proposed approach improves the performance of Intrusion Prevention Systems, in terms of reducing service unavailability during stealth attacks.
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ficco, M., Rak, M. (2012). Intrusion Tolerance of Stealth DoS Attacks to Web Services. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds) Information Security and Privacy Research. SEC 2012. IFIP Advances in Information and Communication Technology, vol 376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30436-1_52
DOI: https://doi.org/10.1007/978-3-642-30436-1_52
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30435-4
Online ISBN: 978-3-642-30436-1
eBook Packages: Computer Science, Computer Science (R0)