Show simple item record

dc.contributor.authorSreekar Shenoy, Govind
dc.contributor.authorTubella Murgadas, Jordi
dc.contributor.authorGonzález Colás, Antonio María
dc.contributor.otherUniversitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors
dc.date.accessioned2013-06-05T09:31:15Z
dc.date.created2012
dc.date.issued2012
dc.identifier.citationSreekar Shenoy, G.; Tubella, J.; González, A. Improving the resilience of an IDS against performance throttling attacks. A: International Conference on Security and Privacy in Communication Networks. "Security and Privacy in Communication Networks: 8th International ICST Conference, SecureComm 2012: Padua, Italy, September 3-5, 2012: revised selected papers". Sydney: Springer, 2012, p. 167-184.
dc.identifier.isbn978-3-642-36883-7
dc.identifier.urihttp://hdl.handle.net/2117/19515
dc.description.abstractIntrusion Detection Systems (IDS) have emerged as one of the most promising ways to secure systems in the network. To be effective against evasion attempts, the IDS must provide tight bounds on performance. Otherwise an adversary can bypass the IDS by carefully crafting and sending packets that throttle it. This can render the IDS ineffective, thus resulting in the network becoming vulnerable. We present a performance throttling attack mounted against the computationally intensive string matching algorithm. This algorithm performs string matching by traversing a finite-state-machine (FSM). We observe that there are some input bytes that sequentially traverse a chain of 30 pointers. This chain of traversal drastically degrades performance, and we observe a 22X performance drop in comparison to the average case performance. We investigate hardware and software mechanisms to counter this performance degradation. The software mechanism is targeted for commodity general purpose CPUs. While the hardware-based mechanism uses a parallel traversal suitable for network processor architectures. Our results show that our proposed mechanisms significantly improves (by over 3X magnitude) string matching algorithm’s worst performing cases.
dc.format.extent18 p.
dc.language.isoeng
dc.publisherSpringer
dc.subjectÀrees temàtiques de la UPC::Informàtica::Seguretat informàtica
dc.subject.lcshIntrusion detection systems (Computer security)
dc.subject.lcshComputer networks -- Security measures
dc.titleImproving the resilience of an IDS against performance throttling attacks
dc.typeConference report
dc.subject.lemacSeguretat informàtica
dc.subject.lemacOrdinadors, Xarxes d' -- Mesures de seguretat
dc.contributor.groupUniversitat Politècnica de Catalunya. ARCO - Microarquitectura i Compiladors
dc.identifier.doi10.1007/978-3-642-36883-7_11
dc.rights.accessRestricted access - publisher's policy
local.identifier.drac11513815
dc.description.versionPostprint (published version)
dc.date.lift10000-01-01
local.citation.authorSreekar Shenoy, G.; Tubella, J.; González, A.
local.citation.contributorInternational Conference on Security and Privacy in Communication Networks
local.citation.pubplaceSydney
local.citation.publicationNameSecurity and Privacy in Communication Networks: 8th International ICST Conference, SecureComm 2012: Padua, Italy, September 3-5, 2012: revised selected papers
local.citation.startingPage167
local.citation.endingPage184


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record