SGER: A New Approach for Identifying DoS Attackers Based on Group Testing Techniques

SGER：基于组测试技术识别 DoS 攻击者的新方法

• 批准号: 0847869
• 负责人: My Thai
• 金额: $ 15万
• 依托单位: University of Florida
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2008
• 资助国家: 美国
• 起止时间: 2008-09-01 至 2010-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0847869&HistoricalAwards=false
• 关键词: SGER; New; Approach; Identifying; DoS

One of the most critical problems in Internet security is the Denial-of-Service (DoS) attack, which aims to make a service unavailable to legitimate clients. In this project, we consider a sophisticated attack, called service-level DoS attack, which is very difficult to identify as malicious requests can be made arbitrarily similar to legitimate ones and can bypass the network-based defense systems. We propose a novel framework to detect the attackers based on the group testing (GT) technique which can overcome the limitations of current detection approaches. More specifically, this project seeks to investigate the following challenges: 1) Dynamic threshold model is studied to handle the legitimate bursts and variance in the number of clients on each server; 2) Legitimates and malicious requests are similar, required new testing design without examining each request one by one or tightly specifying legitimate behaviors; 3) In addition, the study of the proposed model evokes a new type of GT, called Size Constraint Group Testing (SCGT) which requires an in depth analysis of matrix construction complexity. This mathematically rigorous framework helps to minimize the false positive and false negative of detection, which is the main problem currently for any existing defense mechanisms.

互联网安全性最关键的问题之一是拒绝服务（DOS）攻击，该攻击旨在使合法客户无法提供服务。在这个项目中，我们考虑了一种复杂的攻击，称为服务级DOS攻击，这很难确定，因为恶意请求可以任意与合法的请求相似，并且可以绕过基于网络的防御系统。我们提出了一个新型框架，以基于组测试（GT）技术来检测攻击者，该技术可以克服当前检测方法的局限性。更具体地说，该项目旨在研究以下挑战：1）研究动态阈值模型，以处理每个服务器上客户端数量的合法爆发和差异； 2）合法性​​和恶意请求相似，需要新的测试设计，而无需一个一个一个一个或一个紧密指定合法行为； 3）此外，对拟议模型的研究还唤起了一种新型的GT，称为尺寸约束组测试（SCGT），该GT需要对矩阵构造复杂性进行深入分析。在数学上，严格的框架有助于最大程度地减少检测的假阳性和假阴性，这是目前对于任何现有防御机制的主要问题。