TWC: Option: Small: FRADE: Model Human Behavior for Flash cRowd Attack DEfense

TWC：选项：小：FRADE：Flash cRowd 攻击防御的人类行为模型

• 批准号: 1319215
• 负责人: Jelena Mirkovic
• 金额: $ 47.95万
• 依托单位: University of Southern California
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-10-01 至 2016-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1319215&HistoricalAwards=false
• 关键词: TWC; Option; Small; FRADE; Model

Application-level, aka ``flash-DDoS'' attacks are the most challenging form of distributed denial of service (DDoS). They flood the victim with legitimate-like service requests generated from numerous bots. There is no defense today that is even remotely effective against flash-DDoS attacks, thus such attacks are today a serious and unmitigated threat to any server. Our project works on developing defenses against flash-DDoS attacks that can pinpoint traffic sent by automated bots and differentiate it from human-generated traffic. Bot IPs are then blacklisted and their traffic filtered protecting the server under attack without any damage to legitimate users. Our project develops novel technologies called ASTUTE (pASsive TUring TEsts) to distinguish bots from human users, by modeling three aspects of human user behavior: (1) dynamics of human-server interaction, (2) human preference for server content, and (3) human processing of visual and textual cues. IP addresses of detected bots will be blacklisted and their traffic will be dropped during server overload. ASTUTE technologies model human behavior without conscious human participation, thus performing Turing tests (human vs machine differentiation) transparently to humans. We will implement all our code as extensions of popular open-source server platforms, such as Apache (for Web) and bind (for DNS). At the end of this work we will deliver working prototypes of these extensions, thus our research will directly transition into practice for any interested party at no cost to them. All our code will be released as open-source under the GNU GPL v3 license.

应用程序级攻击（又名“flash-DDoS”）是分布式拒绝服务 (DDoS) 中最具挑战性的形式。他们向受害者发送大量由机器人生成的类似合法的服务请求。如今，没有任何防御措施可以远程有效地抵御 Flash-DDoS 攻击，因此此类攻击如今对任何服务器都是严重且彻底的威胁。我们的项目致力于开发针对 flash-DDoS 攻击的防御措施，可以精确定位自动机器人发送的流量并将其与人为生成的流量区分开来。然后，机器人 IP 会被列入黑名单，其流量会被过滤，从而保护服务器免受攻击，而不会对合法用户造成任何损害。我们的项目开发了名为 ASTUTE（被动图灵测试）的新技术，通过对人类用户行为的三个方面进行建模来区分机器人和人类用户：(1) 人类与服务器交互的动态，(2) 人类对服务器内容的偏好，以及 (3) 人类对视觉和文本提示的处理。检测到的机器人的 IP 地址将被列入黑名单，并且在服务器过载期间其流量将被丢弃。 ASTUTE 技术在没有人类有意识参与的情况下模拟人类行为，从而对人类透明地执行图灵测试（人类与机器区分）。 我们将把所有代码实现为流行的开源服务器平台的扩展，例如 Apache（用于 Web）和 Bind（用于 DNS）。在这项工作结束时，我们将提供这些扩展的工作原型，因此我们的研究将直接转化为任何感兴趣的各方的实践，而无需他们承担任何费用。我们所有的代码都将在 GNU GPL v3 许可证下作为开源发布。