
Mitigating Denial of Service Attacks in Computer Networks

Jarmo Mölsä

Dissertation for the degree of Doctor of Science in Technology to be presented with due permission of the Department of Electrical and Communications Engineering for public examination and debate in Auditorium S5 at Helsinki University of Technology (Espoo, Finland) on the 5th of June, 2006, at 12 noon.

Overview in PDF format (ISBN 951-22-8215-1) [687 KB]
Dissertation is also available in print (ISBN 951-22-8214-3)

Abstract

This dissertation studies how to defend against denial of service (DoS) attacks in computer networks. As it is not possible to prevent these attacks, one must concentrate on mitigating them. A comprehensive approach for mitigating DoS attacks is presented here. This approach is based on understanding both attack and defense mechanisms, and selecting a cost-effective set of defenses using risk management. Defense mechanisms are, however, not available against all possible attack types. For example, organization-specific servers of the Domain Name System are typically not well-managed, and DoS attacks against these kinds of name servers can easily be successful. This dissertation describes and simulates a new defense mechanism for protecting these authoritative name servers.

A new approach to implementing defenses is cross-layer security, in which information from different protocol layers is used in a coordinated fashion instead of keeping the layers strictly separated. Two cross-layer designs are presented here for mitigating range attacks in ad hoc networks. The range attack is a new DoS attack in which an attacker periodically modifies the transmission range of a wireless node, overloading the ad hoc routing protocol. The simulation results indicate the usefulness of cross-layering in mitigating the range attack. The resilience of different ad hoc routing protocols against the range attack is also analyzed here; according to the simulation results, this resilience is situation-dependent. Which ad hoc routing protocol resists the range attack best depends on the quality-of-service requirements of the primary application.

Game theory is used here to study the selection of defense strategies. The analysis shows that it can be beneficial to use different defense strategies randomly, one at a time. The game-theoretic approach also points out the possibility of meta-strategies, in which an attacker can force a victim to perceive the benefits and weaknesses of a defense mechanism in an unrealistic way.
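The claim that randomizing between defenses can beat committing to any single one is the standard mixed-strategy result for a zero-sum game. The following is an added example, not a model from the dissertation: a 2x2 attacker/defender game with an assumed payoff matrix (each defense works well against one attack type and poorly against the other), solved in closed form. It compares the best pure-strategy guarantee (maximin) with the value of the optimal mixed strategy, and handles the saddle-point case where mixing gains nothing.

```python
"""Mixed versus pure defense strategies in a 2x2 zero-sum attacker/defender game.
Added example with an assumed payoff matrix; not the dissertation's game model."""
from fractions import Fraction
from typing import List, Tuple

# Defender's (victim's) payoff for each (defense, attack) pair; the attacker's payoff
# is the negative.  Rows: defenses D0, D1.  Columns: attacks A0, A1.
# Assumed numbers: D0 is strong against A0 but useless against A1, D1 is mediocre
# against both.  Exact rational arithmetic keeps the results easy to check.
PAYOFF: List[List[Fraction]] = [[Fraction(3), Fraction(0)],
                                [Fraction(1), Fraction(2)]]


def pure_value(m):
    """Best payoff the defender can guarantee by always using one defense (maximin)."""
    return max(min(row) for row in m)


def solve_2x2(m) -> Tuple[Fraction, Fraction]:
    """Return (p, v): the probability of playing defense D0 and the game value.

    If the matrix has a saddle point (maximin == minimax) a pure strategy is already
    optimal and p is 0 or 1; otherwise p equalises the defender's payoff against both
    attacks, so the attacker gains nothing from knowing the mix."""
    (a, b), (c, d) = m
    maximin = max(min(a, b), min(c, d))
    minimax = min(max(a, c), max(b, d))
    if maximin == minimax:                       # saddle point: no benefit from mixing
        p = Fraction(1) if min(a, b) >= min(c, d) else Fraction(0)
        return p, maximin
    denom = a - b - c + d
    p = (d - c) / denom                          # p*a + (1-p)*c == p*b + (1-p)*d
    v = (a * d - b * c) / denom                  # value of the game
    return p, v


def attacker_mix(m) -> Fraction:
    """Probability with which the attacker should choose attack A0 against the optimal defender."""
    (a, b), (c, d) = m
    return (d - b) / (a - b - c + d)


def expected_payoff(m, p, col):
    """Defender's expected payoff when using D0 with probability p and the attacker plays `col`."""
    return p * m[0][col] + (1 - p) * m[1][col]


if __name__ == "__main__":
    p, v = solve_2x2(PAYOFF)
    print(f"best single defense guarantees {pure_value(PAYOFF)}")
    print(f"mixing: play D0 with probability {p}, guaranteed value {v}")
    print(f"payoff vs A0 = {expected_payoff(PAYOFF, p, 0)}, vs A1 = {expected_payoff(PAYOFF, p, 1)}")
    print(f"attacker's best reply mixes A0 with probability {attacker_mix(PAYOFF)}")
```

With the assumed matrix, committing to one defense guarantees a payoff of 1, whereas playing D0 a quarter of the time and D1 otherwise guarantees 3/2 whichever attack is chosen. The attacker's own optimal reply is also a mix, which is the game-theoretic reason a victim that switches defenses unpredictably does better than one that can be anticipated.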

Evaluations of existing defense mechanisms are typically carried out under ideal conditions, or relevant risks are ignored completely. This dissertation presents a taxonomy of criteria for evaluating defense mechanisms against DoS attacks. This taxonomy gives a list of issues to be considered during an evaluation process. The effectiveness of rate limiting is evaluated here with special attention paid to the damage done to legitimate traffic.
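The damage that rate limiting does to legitimate traffic is easy to underestimate if one only looks at the aggregate drop rate. The following is an added example, not code or data from the dissertation: a small discrete-event simulation with a token-bucket limiter, a constructed legitimate stream of 100 packets/s and a constructed flood of 900 packets/s. It compares a single aggregate bucket (the limiter cannot tell the two apart) with one bucket per class (the idealised case where the flood has already been identified). All rates, burst sizes and durations are assumptions chosen for illustration.

```python
"""Collateral damage of token-bucket rate limiting under a flooding DoS attack.
Added example with constructed traffic; not the dissertation's simulation."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Packet:
    t: float    # arrival time in seconds
    cls: str    # "legit" or "attack": ground truth known only to the simulation


class TokenBucket:
    """Classic token bucket: `rate` tokens/s accrue up to `burst`; each packet costs one token."""

    def __init__(self, rate: float, burst: float) -> None:
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0.0

    def allow(self, t: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def make_traffic(duration: float, legit_rate: float, attack_rate: float) -> List[Packet]:
    """Two periodic streams (constructed input).  When a legitimate and an attack packet
    arrive at the same instant the attack packet is served first: the pessimistic case."""
    pkts = [Packet(i / legit_rate, "legit") for i in range(int(duration * legit_rate))]
    pkts += [Packet(i / attack_rate, "attack") for i in range(int(duration * attack_rate))]
    pkts.sort(key=lambda p: (p.t, p.cls))        # "attack" sorts before "legit" on ties
    return pkts


def run(pkts: List[Packet], limiter_for: Callable[[Packet], TokenBucket]) -> Dict[str, float]:
    """Drop fraction per class; `limiter_for(pkt)` chooses the bucket a packet is charged to."""
    accepted = {"legit": 0, "attack": 0}
    total = {"legit": 0, "attack": 0}
    for p in pkts:
        total[p.cls] += 1
        if limiter_for(p).allow(p.t):
            accepted[p.cls] += 1
    return {c: 1.0 - accepted[c] / total[c] for c in total}


def aggregate_limit(pkts: List[Packet], rate: float = 200.0, burst: float = 20.0) -> Dict[str, float]:
    """One bucket for everything: the limiter has no way to distinguish the flood."""
    bucket = TokenBucket(rate, burst)
    return run(pkts, lambda p: bucket)


def per_class_limit(pkts: List[Packet], rate: float = 200.0, burst: float = 20.0) -> Dict[str, float]:
    """One bucket per class: assumes the attack traffic has been identified (e.g. by source)."""
    buckets = {"legit": TokenBucket(rate, burst), "attack": TokenBucket(rate, burst)}
    return run(pkts, lambda p: buckets[p.cls])


if __name__ == "__main__":
    traffic = make_traffic(duration=10.0, legit_rate=100.0, attack_rate=900.0)
    print("aggregate limiter, drop fraction per class:", aggregate_limit(traffic))
    print("per-class limiter, drop fraction per class:", per_class_limit(traffic))
```

With these parameters the aggregate limiter drops about 80% of all packets, which sounds like a proportional cut, but almost every legitimate packet is among the dropped ones: once the burst allowance is spent, a token becomes available only every 5 ms and the denser attack stream is nearly always the next arrival to claim it. Limiting only the identified attack stream leaves legitimate traffic untouched, which is why the cost of any rate-limiting evaluation has to be measured on legitimate traffic specifically, not on the overall drop rate.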

This thesis consists of an overview and the following seven publications:

  1. Jarmo Mölsä, Mitigating denial of service attacks: A tutorial, Journal of Computer Security, vol. 13, no. 6, pp. 807-837, 2005. © 2005 IOS Press. By permission.
  2. Jarmo Mölsä, Mitigating DoS attacks against the DNS with dynamic TTL values, in Proceedings of the Ninth Nordic Workshop on Secure IT Systems, Espoo, Finland, Nov. 2004, pp. 118-124. © 2004 by author.
  3. Jarmo Mölsä, Cross-layer designs for mitigating range attacks in ad hoc networks, in Proceedings of the IASTED International Conference on Parallel and Distributed Computing and Networks, Innsbruck, Austria, Feb. 2006, pp. 64-69. © 2006 International Association of Science and Technology for Development (IASTED). By permission.
  4. Jarmo Mölsä, Increasing the DoS attack resiliency in military ad hoc networks, in Proceedings of the 2005 IEEE Military Communications Conference (MILCOM 2005), Atlantic City, New Jersey, USA, Oct. 2005. © 2005 IEEE. By permission.
  5. Jarmo Mölsä, A taxonomy of criteria for evaluating defence mechanisms against flooding DoS attacks, in Proceedings of the First European Conference on Computer Network Defence, Pontypridd, Wales, UK, Dec. 2005, pp. 13-22. © 2005 Springer Science+Business Media. By permission.
  6. Jarmo Mölsä, Effectiveness of rate-limiting in mitigating flooding DoS attacks, in Proceedings of the Third IASTED International Conference on Communications, Internet, and Information Technology, St. Thomas, US Virgin Islands, USA, Nov. 2004, pp. 155-160. © 2004 International Association of Science and Technology for Development (IASTED). By permission.
  7. Jorma Jormakka and Jarmo Mölsä, Modelling information warfare as a game, Journal of Information Warfare, vol. 4, no. 2, pp. 12-25, Sept. 2005. © 2005 by authors.

Errata for publication 7

Keywords: network security, denial of service attacks, attack mechanisms, defense mechanisms

This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.

© 2006 Helsinki University of Technology

Last update 2011-05-26