Quantifying Network Denial of Service: A Location Service Case Study

Yan Chen, Adam Bargteil, Randy H. Katz and John Kubiatowicz

EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-01-1150
2001

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2001/CSD-01-1150.pdf

Network Denial of Service (DoS) attacks are increasing in frequency, severity and sophistication. Most previous work has focused on network DoS attacks that take advantage of a protocol to launch the attack. We take the broader view that a DoS attack is any malicious action which reduces the availability of some resource to some users. Meanwhile, it is highly desirable to be able to measure quantitatively and verify claims pertaining to the security of IT systems and services. As the first attempt to quantify the resilience of a system to broad classes of network DoS attacks, we propose a novel benchmarking methodology and apply it to study the effect of a variety of attacks on directory services in a network setting. Preliminary simulations show the rough ranking of network DoS resilience among centralized directory services, replicated directory services and the newly-emerged distributed directory services, such as Tapestry. Finally, we discuss some potential approaches towards DoS resilience based on our experiments.


BibTeX citation:

@techreport{Chen:CSD-01-1150,
    Author = {Chen, Yan and Bargteil, Adam and Katz, Randy H. and Kubiatowicz, John},
    Title = {Quantifying Network Denial of Service: A Location Service Case Study},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {2001},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2001/5262.html},
    Number = {UCB/CSD-01-1150},
    Abstract = {Network Denial of Service (DoS) attacks are increasing in frequency, severity and sophistication. Most previous work has focused on network DoS attacks that take advantage of a protocol to launch the attack. We take the broader view that DoS attack is any malicious action which reduces the availability of some resource to some users. Meanwhile, it is highly desirable to be able to measure quantitatively and verify claims pertaining to the security of IT systems and services. As the first attempt to quantify the resilience of a system to broad classes of network DoS attacks, we propose a novel benchmarking methodology and apply it to study the effect of a variety of attacks on directory services in a network setting. Preliminary simulations show the rough ranking of network DoS resilience among centralized directory services, replicated directory services and the newly-emerged distributed directory services, such as Tapestry. Finally, we discuss some potential approaches towards DoS resilience based on our experiments.}
}

EndNote citation:

%0 Report
%A Chen, Yan
%A Bargteil, Adam
%A Katz, Randy H.
%A Kubiatowicz, John
%T Quantifying Network Denial of Service: A Location Service Case Study
%I EECS Department, University of California, Berkeley
%D 2001
%@ UCB/CSD-01-1150
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2001/5262.html
%F Chen:CSD-01-1150