TY - GEN
T1 - Detection and prediction of resource-exhaustion vulnerabilities
AU - Antunes, João
AU - Neves, Nuno Ferreira
AU - Verissimo, Paulo
N1 - Generated from Scopus record by KAUST IRTS on 2021-03-16
PY - 2008/12/1
Y1 - 2008/12/1
N2 - Systems connected to the Internet are highly susceptible to denial-of-service attacks that can compromise service availability, causing damage to customers and providers. Due to errors in the design or coding phases, particular client-server interactions can be made to consume much more resources than necessary easing the success of this kind of attack. To address this issue we propose a new methodology for the detection and identification of local resource-exhaustion vulnerabilities. The methodology also gives a prediction on the necessary effort to exploit a specific vulnerability, useful to support decisions regarding the configuration of a system, in order to sustain a certain attack magnitude. The methodology was implemented in a tool called PREDATOR that is able to automatically generate malicious traffic and to perform post-processing analysis to build accurate resource usage projections on a given target server. The validity of the approach was demonstrated with several synthetic programs and well-known DNS servers. © 2008 IEEE.
AB - Systems connected to the Internet are highly susceptible to denial-of-service attacks that can compromise service availability, causing damage to customers and providers. Due to errors in the design or coding phases, particular client-server interactions can be made to consume much more resources than necessary easing the success of this kind of attack. To address this issue we propose a new methodology for the detection and identification of local resource-exhaustion vulnerabilities. The methodology also gives a prediction on the necessary effort to exploit a specific vulnerability, useful to support decisions regarding the configuration of a system, in order to sustain a certain attack magnitude. The methodology was implemented in a tool called PREDATOR that is able to automatically generate malicious traffic and to perform post-processing analysis to build accurate resource usage projections on a given target server. The validity of the approach was demonstrated with several synthetic programs and well-known DNS servers. © 2008 IEEE.
UR - https://ieeexplore.ieee.org/document/4700313/
UR - http://www.scopus.com/inward/record.url?scp=67249137066&partnerID=8YFLogxK
U2 - 10.1109/ISSRE.2008.47
DO - 10.1109/ISSRE.2008.47
M3 - Conference contribution
SN - 9780769534053
SP - 87
EP - 96
BT - Proceedings - International Symposium on Software Reliability Engineering, ISSRE
ER -