Type

Text

Type

Dissertation

Advisor

Smolka, Scott A | Stoller, Scott | Grosu, Radu | Katsaros, Panagiotis.

Date

2013-12-01

Keywords

Computer science | cost-benefit, countermeasure, DDoS, DNS, formal, probability

Department

Department of Computer Science.

Language

en_US

Source

This work is sponsored by the Stony Brook University Graduate School in compliance with the requirements for completion of degree.

Identifier

http://hdl.handle.net/11401/77276

Publisher

The Graduate School, Stony Brook University: Stony Brook, NY.

Format

application/pdf

Abstract

The Domain Name System (DNS) is an internet-wide, hierarchical naming system used to translate domain names into physical IP addresses. Any disruption of the service DNS provides can have serious consequences. We present a formal analysis of two notable threats to DNS, namely cache poisoning and bandwidth amplification, and the countermeasures designed to prevent their occurrence. Our analysis of these attacks and their countermeasures is given in the form of a cost-benefit analysis, and is based on probabilistic model checking of Continuous-Time Markov Chains. We use CTMCs to model the race between legitimate and malicious traffic in a DNS server under attack, i.e. | the victim. Countermeasure benefits and costs are quantified in terms of probabilistic reachability and reward properties, which are evaluated over all possible execution paths. The results of our analysis support substantive conclusions about the relative effectiveness of the different countermeasures under varying operating conditions. We also validate the criticism that the DNS security extensions devised to eliminate cache poisoning render DNS more vulnerable to bandwidth amplification attacks (BAAs). We also model the DNS BAA as a two-player, turn-based, zero-sum stochastic game between an attacker and a defender. The attacker attempts to flood the victim's bandwidth with malicious traffic by choosing an appropriate number of zombies to attack. In response, the defender nondeterministically chooses among five basic BAA countermeasures, so that the victim can process as much legitimate traffic as possible. We use our game-based model of DNS BAA to generate optimal attack strategies that vary the number of zombies and the optimal defense strategies that combine the basic BAA countermeasures to optimize the attacker's and the defender's payoffs. Such payoffs are defined using probabilistic reward-based properties, and are measured in terms of the attack strategy's ability to minimize the volume of legitimate traffic that is eventually processed and the defense strategy's ability to maximize the volume of legitimate traffic that is eventually processed. | 90 pages

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.