SaTC: CORE: Small: Hardening Systems Against Low-Rate DDoS Attacks

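Basic information

  • Award number:
    1815495
  • Principal investigator:
  • Amount:
    $ 500,000
  • Host institution:
  • Host institution country:
    United States
  • Project category:
    Standard Grant
  • Fiscal year:
    2018
  • Funding country:
    United States
  • Project period:
    2018-09-01 to 2021-08-31
  • Project status:
    Completed

Project abstract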

Low-rate denial-of-service (LRD) attacks deny access to services by depleting some limited resource at the end host or a network device. This makes the device unable to process legitimate clients' traffic. LRD attacks are very challenging to detect and handle at the network level, since they are very low-rate. It makes the attack traffic a needle in a haystack of legitimate traffic. On the other hand, detecting LRD at the application would require changes to many applications, and would only be effective against specific attack variants. All online services are vulnerable to distributed denial-of-service (DDoS) attacks, and LRD attacks are especially challenging to handle today, because they can be launched from smaller botnets and at lower rates than flooding attacks. This project designs and builds an LRD defense, called Leader, which is application-agnostic and can handle both current and future attack variants with the same mechanism. Leader makes all online services robust against LRD attacks by helping the services smartly manage their resources and identify and neutralize misuse attempts. This in turn improves the security of the entire Internet, as well as the security of our critical infrastructure. Where full mitigation is not possible, the planned approach raises the bar for attackers, by forcing them to recruit large botnets. The project will generate lecture modules and practical exercises to be used in current courses and shared publicly. Leader defense builds profiles that describe how external requests, clients, applications and the entire device use system resources. These profiles, called "connection life stages", contain information about the type and the amount of the resource used, the order in which the use occurs and the time that each chunk of resource is being held.
Leader compares instantaneous profiles to baseline profiles at connection, client, application and device level to detect denial of service and identify the resources being affected. Leader further uses connection life stages to perform anomaly detection, which is used for attack diagnostics and mitigation. In rare cases when the profiles do not show anomalous use of resources, or cannot attribute it to specific connections or clients, Leader resorts to offline binary analysis of affected applications. This analysis helps understand how code paths in the application use system resources, and identify possible code changes to increase robustness to LRD attacks. Leader's combination of system, network and application-level monitoring of the patterns of resource use, and the accounting of resource usage per each external service request, is a unique, novel feature. Leader defense is implemented as an operating system (OS) module, and thus protects the deploying device against all LRD attacks at the OS and the application level.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Project outcomes

Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)

Other publications by Jelena Mirkovic

Identifying Personal Strengths to Help Patients Manage Chronic Illness
  • DOI:
    10.25302/3.2019.cer.732
  • Publication year:
    2019
  • Journal:
  • Impact factor:
    9
  • Authors:
    K. Stange;Heide Aungst;M. Baker;C. Bouyer;Bruce Catalano;M. Cintron;Nicholas Cohen;Patricia Gannon;Jules Gilliam;Heidi L Gullett;Kristen Hassmiller;S. Horner;R. Karmali;Ó. Kristjansdottir;Rachel Martukovich;Jelena Mirkovic;James E. Misak;S. Moore;Natalie Ponyicky;A. Reichsman;Mary C. Ruhe;C. Ruland;Debra Schaadt;Una Stenberg;Sarah A. Sweeney;A. van der Meulen;R. Weinberger;Jewel Williams;Joy Yokie
  • Corresponding author:
    Joy Yokie
Security and privacy legislation guidelines for developing personal health records
Chromosome
  • DOI:
    10.1007/978-1-4419-5906-5_1259
  • Publication year:
    2011
  • Journal:
  • Impact factor:
    3.5
  • Authors:
    Lars R. Knudsen;Gregor Leander;Friedrich L. Bauer;Christophe De Cannière;Christophe De Cannière;Christophe Petit;Jean;Bart Preneel;Carlisle M. Adams;Anton Stiglic;Alexander W. Dent;R. Housley;S. Turner;Matthias Schunter;Gerrit Bleumer;Mike Just;David Naccache;H. V. Tilborg;S. Vimercati;Pierangela Samarati;Ebru Celikel Cankaya;Alex Biryukov;Lee McFearin;Sabrina De Capitani di Vimercati;Burt Kaliski;Caroline Fontaine;D. Micciancio;N. Sendrier;Nadia Heninger;Jelena Mirkovic;Anne Canteaut;Claude Crépeau;Tom Caddy;P. Salvaneschi;Markus G. Kuhn;Salil Vadhan;Igor Shparlinski;Xiaofeng Wang;G. Dr;Moritz Riesner;M. Vauclair;Arnon Rosenthal;E. Sciore;M. Soete;Michael T. Hunter;C. Carlet;F. Cuppens;Nora Cuppens;Yvo Desmedt;Torben P. Pedersen;M. Locasto;Dan Boneh;Adam J. Lee;Engin Kirda;Tor Helleseth;David accache;Hideki Imai;Atsuhiro Yamagishi;Marion Videau;P. Charpin
  • Corresponding author:
    P. Charpin
Developing Technology to Mobilize Personal Strengths in People with Chronic Illness: Positive Codesign Approach
  • DOI:
    10.2196/10774
  • Publication year:
    2018
  • Journal:
  • Impact factor:
    2.2
  • Authors:
    Jelena Mirkovic;Stian Jessen;Ó. Kristjansdottir;Tonje Krogseth;A. T. Koricho;C. Ruland
  • Corresponding author:
    C. Ruland

Other grants by Jelena Mirkovic

Research Infrastructure: Mid-scale RI-1 (M1:IP): SPHERE - Security and Privacy Heterogeneous Environment for Reproducible Experimentation
  • Award number:
    2330066
  • Fiscal year:
    2023
  • Funding amount:
    $ 500,000
  • Project category:
    Cooperative Agreement
CCRI: NEW: CLASSNET: Community Labeling and Sharing of Security and Networking Test datasets
  • Award number:
    2120400
  • Fiscal year:
    2021
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
REU Site: SURF-I: Safe, Usable, Resilient and Fair Internet
  • Award number:
    2051101
  • Fiscal year:
    2021
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
CCRI: ENS: Modernizing and Streamlining DeterLab Testbed Experimentation
  • Award number:
    2016643
  • Fiscal year:
    2020
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
Elements: Software: Distributed Workflows for Cyberexperimentation
  • Award number:
    1835608
  • Fiscal year:
    2018
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
REU Site: Human Communication in a Connected World
  • Award number:
    1659886
  • Fiscal year:
    2017
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
Collaborative Research: Modeling Student Activity and Learning on Cybersecurity Testbeds
  • Award number:
    1723717
  • Fiscal year:
    2017
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
EDU: Revitalizing Cyber Security Education and Research through Competitions
  • Award number:
    1319197
  • Fiscal year:
    2014
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
TWC: Option: Small: FRADE: Model Human Behavior for Flash cRowd Attack DEfense
  • Award number:
    1319215
  • Fiscal year:
    2013
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
TWC: Small: Critter@home: Content-Rich Traffic Trace Repository from Real-Time, Anonymous, User Contributions
  • Award number:
    1224035
  • Fiscal year:
    2012
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant

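Similar NSFC (National Natural Science Foundation of China) grants

Molecular mechanism by which cholesterol hydroxylase CH25H promotes degradation of the hepatitis B virus proteins Core and Pre-core independently of its enzymatic activity
  • Award number:
    82371765
  • Approval year:
    2023
  • Funding amount:
    500,000 CNY
  • Project category:
    General Program
Development of 5f-in-core GTH pseudopotentials and basis sets for actinide elements
  • Award number:
    22303037
  • Approval year:
    2023
  • Funding amount:
    300,000 CNY
  • Project category:
    Young Scientists Fund
Mechanism study of Core-matched prodrug co-assemblies built on a synthetic lethality strategy to overcome tumor drug resistance
  • Award number:
  • Approval year:
    2022
  • Funding amount:
    520,000 CNY
  • Project category:
Mechanism by which the Salmonella Typhimurium LPS core promotes dendritic cell migration via CD209/SphK1 and aggravates inflammatory bowel disease
  • Award number:
  • Approval year:
    2022
  • Funding amount:
    300,000 CNY
  • Project category:
    Young Scientists Fund
Precise preparation and functional exploration of Core M3 mannosyl peptides of dystroglycan
  • Award number:
    92053110
  • Approval year:
    2020
  • Funding amount:
    700,000 CNY
  • Project category:
    Major Research Plan
Molecular mechanism by which deficiency of Core-1 O-glycan mucins induces gastritis and mediates the transition from chronic gastritis to gastric cancer
  • Award number:
    81902805
  • Approval year:
    2019
  • Funding amount:
    205,000 CNY
  • Project category:
    Young Scientists Fund
The Core-merging giant impact event in the late stage of proto-Earth accretion: new insights into core accretion, core-mantle equilibrium and core-mantle boundary structure
  • Award number:
    41973063
  • Approval year:
    2019
  • Funding amount:
    650,000 CNY
  • Project category:
    General Program
Workshop on CORDEX-CORE regional climate simulation and projection
  • Award number:
    41981240365
  • Approval year:
    2019
  • Funding amount:
    15,000 CNY
  • Project category:
    International (Regional) Cooperation and Exchange Program
RBM38 regulates HBV replication by assisting Pol-ε binding and recruiting core
  • Award number:
    31900138
  • Approval year:
    2019
  • Funding amount:
    240,000 CNY
  • Project category:
    Young Scientists Fund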

Similar overseas grants

SaTC: CORE: Small: An evaluation framework and methodology to streamline Hardware Performance Counters as the next-generation malware detection system
  • Award number:
    2327427
  • Fiscal year:
    2024
  • Funding amount:
    $ 500,000
  • Project category:
    Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
  • Award number:
    2338301
  • Fiscal year:
    2024
  • Funding amount:
    $ 500,000
  • Project category:
    Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
  • Award number:
    2338302
  • Fiscal year:
    2024
  • Funding amount:
    $ 500,000
  • Project category:
    Continuing Grant
SaTC: CORE: Small: NSF-DST: Understanding Network Structure and Communication for Supporting Information Authenticity
  • Award number:
    2343387
  • Fiscal year:
    2024
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
NSF-NSERC: SaTC: CORE: Small: Managing Risks of AI-generated Code in the Software Supply Chain
  • Award number:
    2341206
  • Fiscal year:
    2024
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
Collaborative Research: SaTC: CORE: Small: Towards Secure and Trustworthy Tree Models
  • Award number:
    2413046
  • Fiscal year:
    2024
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
SaTC: CORE: Small: Socio-Technical Approaches for Securing Cyber-Physical Systems from False Claim Attacks
  • Award number:
    2310470
  • Fiscal year:
    2023
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
SaTC: CORE: Small: Study, Detection and Containment of Influence Campaigns
  • Award number:
    2321649
  • Fiscal year:
    2023
  • Funding amount:
    $ 500,000
  • Project category:
    Standard Grant
Collaborative Research: SaTC: CORE: Small: Investigation of Naming Space Hijacking Threat and Its Defense
  • Award number:
    2317830
  • Fiscal year:
    2023
  • Funding amount:
    $ 500,000
  • Project category:
    Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards a Privacy-Preserving Framework for Research on Private, Encrypted Social Networks
  • Award number:
    2318843
  • Fiscal year:
    2023
  • Funding amount:
    $ 500,000
  • Project category:
    Continuing Grant