Proposed Computer Defense System Could Protect Networks From Becoming Launch Pads For Crippling Internet Attacks

Date: September 25, 2002
Source: University Of California - Los Angeles
Summary: UCLA computer scientists are developing a new tool that could prevent network operators from becoming unwitting hosts for a particularly harmful Internet-based threat: the distributed denial of service attack.

Distributed denial of service attacks — or DDoS — have interrupted service on Web sites like Yahoo, eBay, CNN and Amazon, and university campus networks nationwide have been shut down by them. A report released Sept. 18 by the federal President's Critical Infrastructure Protection Board has called upon universities to do more to protect their networks from Internet attacks.

Peter Reiher, adjunct associate professor of computer science at UCLA's Henry Samueli School of Engineering and Applied Science, claims a program called D-WARD could protect entire networks from being used as launch pads for destructive computer attacks. "D-WARD is a defense system that, when deployed on a network, will detect and stop attacks from being launched from that network," Reiher said.

In a DDoS attack, the victim's computer is hit by tens of thousands of data streams that quickly overload the network, denying service to legitimate users. A hacker initiates an attack by tapping into a number of computer networks, gaining control over thousands of machines, and causing each machine to generate traffic toward a particular target. Individual users may not even realize they have become unwilling participants — or "agents" — in a coordinated attack. Hackers use automated tools to compromise an agent computer or network within five seconds. Several thousand agents can be compromised in less than an hour.

D-WARD (an acronym for DDoS netWork Attack Recognition and Defense) protects networks from becoming would-be launch pads for an external hacker by stopping the crippling traffic streams before they have traveled very far. "Attacks can be stopped before they enter the Internet and blend with all the other traffic on its way to the victim," Reiher said. "Being close to the source can make it easier to trace an attack back to its origins."

The D-WARD module is installed on a network router, which serves as a gateway between a local network and the rest of the Internet. All traffic to and from the network passes through this router, and therefore, through D-WARD.

The module polices traffic to and from a network's IP addresses. If traffic flow begins to rise or fall outside normal patterns, the module looks more closely to determine if an attack is originating from that network. If it determines an attack is coming from a particular IP address or connection in the network, D-WARD moves quickly to cut the flow of traffic from that source, stopping an attack in its tracks.

D-WARD, which is still in its design stage, is the brainchild of UCLA graduate student Jelena Mirkovic. She has been working with Reiher on this project for almost two years, and feels that once D-WARD is ready for deployment, systems administrators everywhere will see the benefit of using this kind of defense system. "People who are security conscious will see that a single D-WARD system installed at the exit router would prevent DDoS attacks originating from the whole network," Mirkovic said.

A protected network also shields its owners from the social or financial implications of being used as an agent, Reiher said. "In the future those who do not take reasonable security measures to secure their system may be liable for damages inflicted by attacks coming from their machines."

Mirkovic explains that a defense system must be able to distinguish legitimate heavy traffic flow from an actual attack. "We're trying to catch scenarios where the victim is unable to respond to a large volume of information but continues to receive information anyway," she said.

Most Internet traffic, including e-mail, uses a protocol called TCP. This protocol is supposed to make sure data reliably gets from one user to another. It involves reverse messages, which are replies people receive after they send data to someone else — a file, an e-mail or a request to view a Web page. "A user never sees these reverse messages," Reiher said, "but for each message you send, you should receive a response from the recipient saying he received your message. If the recipient stops responding, he may be experiencing a problem. While a legitimate user will wait until the congestion clears, an attacker won't stop."

When D-WARD detects that a network user is pumping out traffic without receiving reverse messages from the recipient, it reacts by reducing the amount of traffic that can be sent. This is called "rate-limiting."

"D-WARD is constantly classifying connections and flows and determining the appropriate rate-limits," Mirkovic said. "The module forwards packets belonging to good connections and analyzes suspicious packets more closely."

A nuanced approach to dealing with threats keeps the number of false positives low. "We examine traffic closely before imposing rate-limits, and then continue to examine traffic once a rate-limit has been imposed to see if it is complying," Reiher said. "This is key to any successful automated approach."
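The reverse-message check and rate-limiting loop described above can be sketched as a per-destination monitor at the exit router. This is an added illustration, not D-WARD's own code: the ratio threshold, the tighten and relax factors, and the names `Flow`, `observe` and `replay` are assumptions, and both traffic traces are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed values for illustration; the article gives no thresholds.
MAX_SENT_PER_REPLY = 3.0  # sent/reverse packet ratio treated as suspicious
MIN_LIMIT = 10.0          # never throttle below this many packets per interval
CUT, GROW = 0.5, 1.5      # tighten / relax factors applied per interval


@dataclass
class Flow:
    """State the exit router keeps for traffic to one destination."""
    limit: Optional[float] = None  # None: no rate limit imposed
    state: str = "normal"


def observe(flow: Flow, sent: int, replies: int, normal_rate: float) -> int:
    """Apply the current limit to one interval, then re-classify the flow.

    sent is what local hosts offered toward the destination; replies is the
    reverse traffic (e.g. TCP ACKs) seen coming back. Returns packets forwarded.
    """
    forwarded = sent if flow.limit is None else min(sent, int(flow.limit))
    if sent / max(replies, 1) > MAX_SENT_PER_REPLY:
        # Sender keeps transmitting although the recipient is not answering.
        base = flow.limit if flow.limit is not None else float(sent)
        flow.limit = max(MIN_LIMIT, base * CUT)
        flow.state = "limited"
    elif flow.limit is not None:
        # Replies are back in proportion: relax gradually, keep watching.
        flow.limit *= GROW
        flow.state = "recovering"
        if flow.limit >= normal_rate:
            flow.limit, flow.state = None, "normal"
    return forwarded


def replay(trace: List[Tuple[int, int]], normal_rate: float = 400.0):
    """Feed (sent, replies) intervals to one Flow; return (forwarded, state)."""
    flow = Flow()
    return [(observe(flow, s, r, normal_rate), flow.state) for s, r in trace]


# Constructed traces, one (sent, replies) tuple per interval.
FLOOD = [(100, 90), (1000, 5), (1000, 0), (1000, 0), (1000, 0)]
BACKOFF = [(100, 90), (400, 20), (60, 50), (80, 75), (120, 110)]

if __name__ == "__main__":
    print("flood:  ", replay(FLOOD))
    print("backoff:", replay(BACKOFF))
```

The `BACKOFF` trace is briefly limited during congestion and then released once replies return in proportion, while the `FLOOD` trace is cut further every interval because the sender never slows down.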

An automated defense system like D-WARD can also assess threats quickly. System administrators spend a significant amount of their time watching for these kinds of things manually, searching records by hand, trying to recognize attack traffic. "That is very laborious," Reiher said. "If you can do it in an automated fashion, you can save all of that effort and still prevent your machines from being used for an attack on someone else."

Reiher and Mirkovic have been testing D-WARD on Linux-based software routers. They now plan to use new IXP programmable routers donated by Intel Corporation. The U.S. Defense Advanced Research Projects Agency (DARPA) has been funding the project since it began.

Reiher, who received both his Master's degree and Ph.D. at UCLA, has been on the faculty since 1992. He and Mirkovic plan to present their findings at an international conference on network protocols this November.


Story Source:

The above story is based on materials provided by University Of California - Los Angeles. Note: Materials may be edited for content and length.


Cite This Page:

University Of California - Los Angeles. "Proposed Computer Defense System Could Protect Networks From Becoming Launch Pads For Crippling Internet Attacks." ScienceDaily. ScienceDaily, 25 September 2002. <www.sciencedaily.com/releases/2002/09/020924072621.htm>.
