Title:
Exploiting the Transients of Adaptation for RoQ Attacks on Internet
Resources

Speaker: Mina Guirguis, Boston University

Abstract:
Over the past few years, Denial of Service (DoS) attacks have emerged as a
serious vulnerability for almost every Internet service. An adversary bent on
limiting access to a network resource could simply marshal enough client
machines to bring down an Internet service by subjecting it to sustained levels
of demand that far exceed its capacity, making that service incapable of
adequately responding to legitimate requests. In this talk I will expose a
different, but potentially more malignant adversarial attack that exploits the
transients of a system's adaptive behavior, as opposed to its limited
steady-state capacity. In particular, I will show that a determined adversary
could bleed an adaptive system's capacity or significantly reduce its service
quality by subjecting it to an unsuspicious, low-intensity (but well
orchestrated and timed) request stream that causes the system to become very
inefficient, or unstable. I will give examples of such "Reduction of Quality"
(RoQ) attacks on a number of common adaptive components in modern computing and
networking systems. RoQ attacks stand in sharp contrast to traditional
brute-force, sustained high-rate DoS attacks, as well as other attacks that
target specific protocol settings. I will present numerical and simulation
results, which are validated with observations from real Internet experiments.

Biography:
Mina Guirguis is a Ph.D. candidate and a research fellow in the Department of
Computer Science at Boston University. He received his Bachelor degree from the
Department of Computer Science and Automatic Control at Alexandria University
in 1999 and his MA degree from the Department of Computer Science at Boston
University in 2005. His research is focused on exposing and defending against
adversarial exploits of system and network dynamics.