Sciweavers

ISSRE
2008
IEEE

Detection and Prediction of Resource-Exhaustion Vulnerabilities

14 years 6 months ago
Detection and Prediction of Resource-Exhaustion Vulnerabilities
Systems connected to the Internet are highly susceptible to denial-of-service attacks that can compromise service availability, causing damage to customers and providers. Due to errors in the design or coding phases, particular client-server interactions can be made to consume much more resources than necessary easing the success of this kind of attack. To address this issue we propose a new methodology for the detection and identification of local resource-exhaustion vulnerabilities. The methodology also gives a prediction on the necessary effort to exploit a specific vulnerability, useful to support decisions regarding the configuration of a system, in order to sustain a certain attack magnitude. The methodology was implemented in a tool called PREDATOR that is able to automatically generate malicious traffic and to perform post-processing analysis to build accurate resource usage projections on a given target server. The validity of the approach was demonstrated with several sy...
João Antunes, Nuno Ferreira Neves, Paulo Ve
Added 31 May 2010
Updated 31 May 2010
Type Conference
Year 2008
Where ISSRE
Authors João Antunes, Nuno Ferreira Neves, Paulo Veríssimo
Comments (0)