Detection and prediction of resource-exhaustion vulnerabilities

  • Antunes J
  • Neves N
  • Verissimo P
  • 18

    Readers

    Mendeley users who have this article in their library.
  • 12

    Citations

    Citations of this article.

Abstract

Systems connected to the Internet are highly susceptible to denial-of-service attacks that can compromise service availability, causing damage to customers and providers. Due to errors in the design or coding phases, particular client-server interactions can be made to consume much more resources than necessary easing the success of this kind of attack.To address this issue we propose a new methodology for the detection and identification of local resource-exhaustion vulnerabilities. The methodology also gives a prediction on the necessary effort to exploit a specific vulnerability, useful to support decisions regarding the configuration of a system, in order to sustain a certain attack magnitude.The methodology was implemented in a tool called PREDATOR that is able to automatically generate malicious traffic and to perform post-processing analysis to build accurate resource usage projections on a given target server.The validity of the approach was demonstrated with several synthetic programs and well-known DNS servers.

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

Authors

  • João Antunes

  • Nuno Ferreira Neves

  • Paulo Verissimo

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free