Show simple item record

dc.contributor.authorSreekar Shenoy, Govind
dc.contributor.authorTubella Murgadas, Jordi
dc.contributor.authorGonzález Colás, Antonio María
dc.contributor.otherUniversitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors
dc.date.accessioned2013-05-28T10:21:42Z
dc.date.created2012
dc.date.issued2012
dc.identifier.citationSreekar Shenoy, G.; Tubella, J.; González, A. Hardware/software mechanisms for protecting an IDS against algorithmic complexity attacks. A: IEEE International Parallel and Distributed Processing Symposium. "Proceedings of the 2012 IEEE 26th International Parallel and Distributed Processing Symposium: workshops: 21-25 May 2012, Shanghai, China". Shanghai: Institute of Electrical and Electronics Engineers (IEEE), 2012, p. 1190-1196.
dc.identifier.isbn978-0-7695-4676-6
dc.identifier.urihttp://hdl.handle.net/2117/19426
dc.description.abstractIntrusion Detection Systems (IDS) have emerged as one of the most promising ways to secure systems in the network. An IDS like the popular Snort[17] detects attacks on the network using a database of previous attacks. So in order to detect these attack strings in the packet, Snort uses the Aho-Corasick algorithm. This algorithm first constructs a Finite State Machine (FSM) from the attack strings, and subsequently traverses the FSM using bytes from the packet. We observe that there are input bytes that result in a traversal of a series of FSM states (also viewed as pointers). This chain of pointer traversal significantly degrades (22X) the processing time of an input byte. Such a wide variance in the processing time of an input byte can be exploited by an adversary to throttle the IDS. If the IDS is unable to keep pace with the network traffic, the IDS gets disabled. So in the process the network becomes vulnerable. Attacks done in this manner are referred to as algorithmic complexity attacks, and arise due to weaknesses in IDS processing. In this work, we explore defense mechanisms to the above outlined algorithmic complexity attack. Our proposed mechanisms provide over 3X improvement in the worst-case performance.
dc.format.extent7 p.
dc.language.isoeng
dc.publisherInstitute of Electrical and Electronics Engineers (IEEE)
dc.subjectÀrees temàtiques de la UPC::Informàtica::Seguretat informàtica
dc.subject.lcshComputer networks -- Security measures
dc.subject.lcshIntrusion detection systems (Computer security)
dc.subject.otherDefense mechanisms
dc.subject.otherHardware support
dc.subject.otherIntrusion detection systems
dc.titleHardware/software mechanisms for protecting an IDS against algorithmic complexity attacks
dc.typeConference report
dc.subject.lemacOrdinadors, Xarxes d' -- Mesures de seguretat
dc.contributor.groupUniversitat Politècnica de Catalunya. ARCO - Microarquitectura i Compiladors
dc.identifier.doi10.1109/IPDPSW.2012.145
dc.relation.publisherversionhttp://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6270773
dc.rights.accessRestricted access - publisher's policy
local.identifier.drac11056268
dc.description.versionPostprint (published version)
dc.date.lift10000-01-01
local.citation.authorSreekar Shenoy, G.; Tubella, J.; González, A.
local.citation.contributorIEEE International Parallel and Distributed Processing Symposium
local.citation.pubplaceShanghai
local.citation.publicationNameProceedings of the 2012 IEEE 26th International Parallel and Distributed Processing Symposium: workshops: 21-25 May 2012, Shanghai, China
local.citation.startingPage1190
local.citation.endingPage1196


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record