Mostra el registre d'ítem simple
Improving the resilience of an IDS against performance throttling attacks
| dc.contributor.author | Sreekar Shenoy, Govind |
| dc.contributor.author | Tubella Murgadas, Jordi |
| dc.contributor.author | González Colás, Antonio María |
| dc.contributor.other | Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors |
| dc.date.accessioned | 2013-06-05T09:31:15Z |
| dc.date.created | 2012 |
| dc.date.issued | 2012 |
| dc.identifier.citation | Sreekar Shenoy, G.; Tubella, J.; González, A. Improving the resilience of an IDS against performance throttling attacks. A: International Conference on Security and Privacy in Communication Networks. "Security and Privacy in Communication Networks: 8th International ICST Conference, SecureComm 2012: Padua, Italy, September 3-5, 2012: revised selected papers". Sydney: Springer, 2012, p. 167-184. |
| dc.identifier.isbn | 978-3-642-36883-7 |
| dc.identifier.uri | http://hdl.handle.net/2117/19515 |
| dc.description.abstract | Intrusion Detection Systems (IDS) have emerged as one of the most promising ways to secure systems in the network. To be effective against evasion attempts, the IDS must provide tight bounds on performance. Otherwise an adversary can bypass the IDS by carefully crafting and sending packets that throttle it. This can render the IDS ineffective, thus resulting in the network becoming vulnerable. We present a performance throttling attack mounted against the computationally intensive string matching algorithm. This algorithm performs string matching by traversing a finite-state-machine (FSM). We observe that there are some input bytes that sequentially traverse a chain of 30 pointers. This chain of traversal drastically degrades performance, and we observe a 22X performance drop in comparison to the average case performance. We investigate hardware and software mechanisms to counter this performance degradation. The software mechanism is targeted for commodity general purpose CPUs. While the hardware-based mechanism uses a parallel traversal suitable for network processor architectures. Our results show that our proposed mechanisms significantly improves (by over 3X magnitude) string matching algorithm’s worst performing cases. |
| dc.format.extent | 18 p. |
| dc.language.iso | eng |
| dc.publisher | Springer |
| dc.subject | Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica |
| dc.subject.lcsh | Intrusion detection systems (Computer security) |
| dc.subject.lcsh | Computer networks -- Security measures |
| dc.title | Improving the resilience of an IDS against performance throttling attacks |
| dc.type | Conference report |
| dc.subject.lemac | Seguretat informàtica |
| dc.subject.lemac | Ordinadors, Xarxes d' -- Mesures de seguretat |
| dc.contributor.group | Universitat Politècnica de Catalunya. ARCO - Microarquitectura i Compiladors |
| dc.identifier.doi | 10.1007/978-3-642-36883-7_11 |
| dc.rights.access | Restricted access - publisher's policy |
| local.identifier.drac | 11513815 |
| dc.description.version | Postprint (published version) |
| dc.date.lift | 10000-01-01 |
| local.citation.author | Sreekar Shenoy, G.; Tubella, J.; González, A. |
| local.citation.contributor | International Conference on Security and Privacy in Communication Networks |
| local.citation.pubplace | Sydney |
| local.citation.publicationName | Security and Privacy in Communication Networks: 8th International ICST Conference, SecureComm 2012: Padua, Italy, September 3-5, 2012: revised selected papers |
| local.citation.startingPage | 167 |
| local.citation.endingPage | 184 |