SGER: A New Approach for Identifying DoS Attackers Based on Group Testing Techniques

SGER：基于组测试技术识别 DoS 攻击者的新方法

• 批准号: 0847869
• 负责人: My Thai
• 金额: $ 15万
• 依托单位: University of Florida
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2008
• 资助国家: 美国
• 起止时间: 2008-09-01 至 2010-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0847869&HistoricalAwards=false
• 关键词: SGER; New; Approach; Identifying; DoS

One of the most critical problems in Internet security is the Denial-of-Service (DoS) attack, which aims to make a service unavailable to legitimate clients. In this project, we consider a sophisticated attack, called service-level DoS attack, which is very difficult to identify as malicious requests can be made arbitrarily similar to legitimate ones and can bypass the network-based defense systems. We propose a novel framework to detect the attackers based on the group testing (GT) technique which can overcome the limitations of current detection approaches. More specifically, this project seeks to investigate the following challenges: 1) Dynamic threshold model is studied to handle the legitimate bursts and variance in the number of clients on each server; 2) Legitimates and malicious requests are similar, required new testing design without examining each request one by one or tightly specifying legitimate behaviors; 3) In addition, the study of the proposed model evokes a new type of GT, called Size Constraint Group Testing (SCGT) which requires an in depth analysis of matrix construction complexity. This mathematically rigorous framework helps to minimize the false positive and false negative of detection, which is the main problem currently for any existing defense mechanisms.

互联网安全中最关键的问题之一是拒绝服务 (DoS) 攻击，其目的是使合法客户端无法获得服务。在这个项目中，我们考虑一种复杂的攻击，称为服务级 DoS 攻击，这种攻击很难识别，因为恶意请求可以与合法请求任意相似，并且可以绕过基于网络的防御系统。我们提出了一种基于组测试（GT）技术的攻击者检测新框架，可以克服当前检测方法的局限性。更具体地说，该项目旨在研究以下挑战：1）研究动态阈值模型来处理每台服务器上客户端数量的合法突发和变化； 2）合法请求和恶意请求相似，需要新的测试设计，而不是一一检查每个请求或严格指定合法行为； 3）此外，对所提出模型的研究引发了一种新型GT，称为规模约束组测试（SCGT），它需要对矩阵构造复杂性进行深入分析。这种数学上严格的框架有助于最大限度地减少检测的误报和漏报，这是目前任何现有防御机制的主要问题。