Improving the Resilience of an IDS Against Performance Throttling Attacks.

Govind Sreekar Shenoy, Jordi Tubella, Antonio González

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract / Description of output

Intrusion Detection Systems (IDS) have emerged as one of the most promising ways to secure systems in the network. To be effective against evasion attempts, the IDS must provide tight bounds on performance. Otherwise, an adversary can bypass the IDS by carefully crafting and sending packets that throttle it. This can render the IDS ineffective, leaving the network vulnerable. We present a performance throttling attack mounted against the computationally intensive string matching algorithm. This algorithm performs string matching by traversing a finite-state machine (FSM). We observe that some input bytes sequentially traverse a chain of 30 pointers. This chain of traversal drastically degrades performance, and we observe a 22X performance drop compared with average-case performance. We investigate hardware and software mechanisms to counter this performance degradation. The software mechanism targets commodity general-purpose CPUs, while the hardware-based mechanism uses a parallel traversal suitable for network processor architectures. Our results show that our proposed mechanisms significantly improve (by over 3X) the string matching algorithm's worst-performing cases.
Original language: English
Title of host publication: Security and Privacy in Communication Networks
Subtitle of host publication: 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers
Editors: Angelos D. Keromytis, Roberto Pietro
Place of Publication: Berlin, Heidelberg
Publisher: Springer
Pages: 167-184
Number of pages: 18
ISBN (Electronic): 978-3-642-36883-7
ISBN (Print): 978-3-642-36882-0
Publication status: Published - 2013

Publication series

Name: Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Publisher: Springer Berlin Heidelberg
Volume: 106
ISSN (Print): 1867-8211
