
ORNEC ICT Cluster Projects

Denial of Service Attacks in Distributed E-Commerce Environments

Amiya Nayak, Abed Elsaddik, Dominique Ferrand


Abstract

Denial of Service (DoS) attacks continue to increase in frequency and complexity. These attacks impact e-business productivity and affect user confidence in the security of e-commerce systems.

This project focuses on Distributed DoS (DDoS) attacks that deplete server resources. The research will explore the development and implementation of measures to enable the early detection of DDoS attacks, and will evaluate the effectiveness of measures designed to counter these attacks.


Started: April 2004

Status: Ongoing


Background

In October 2002, the Internet's root Domain Name System (DNS) servers were victims of a Distributed Denial of Service (DDoS) attack. Within a one-month period, in August 2003, Microsoft's main web site suffered two DoS attacks. Since then, the type, frequency and complexity of these attacks have continued to cause serious and costly disruption to e-commerce systems, institutions, companies and users alike.

Several different DoS attack techniques are in use, including those that directly target host systems and those that flood networks with datagrams and information packets. Several different DDoS programs have also been developed over the past few years. These programs may be detected, with varying degrees of difficulty, by remote scanning, intrusion detection systems or host-based tools such as those developed by the National Infrastructure Protection Center (NIPC).

Given the open network infrastructure in place today, it is not possible to completely eliminate the threat of DDoS attacks. However, by combining existing approaches and strategies, it may be possible to discover DDoS attacks earlier and to improve security responses.



Project Description

This research project will explore the development and implementation of measures to enable the early detection of DDoS attacks, and will evaluate the effectiveness of measures designed to counter these attacks. The project will focus specifically on Distributed DoS (DDoS) attacks that deplete server resources, including network bandwidth, memory and CPU. A generic architecture will be developed and used to provide a test bed environment for the design, development and integration of new dynamic security policies and algorithms.



Project Significance

This research is expected to provide a set of clear, consistent and structured management rules that may be used in different access control schemes to enable the early detection of DDoS attacks and the application of effective measures to counter such attacks.

As such, the research will significantly advance the knowledge and tools required to evolve secure e-commerce systems and increase the level of productivity associated with e-business.



Approach and Methodology

The research will begin with an analysis of different mechanisms and algorithms that are currently used to implement DDoS detection. This will include an in-depth study of recently identified solutions for detecting DDoS attack traffic and discriminating it from normal traffic flows.

We will then develop a generic architecture to support a distributed attack environment. The open architecture, based on standard Internet protocols, will be used to provide a test bed environment. For research purposes, it will be configured into both attacker and defender domains.

Using this test bed environment, we will design mechanisms for the early detection of a DDoS attack, policies and procedures to trace the origin of the attack, and countermeasures to limit the impact of the attack.

As the firewall is the chief instrument used to implement an organization's security policy, the above research will focus not only on the design and development of dynamic security policies, but also on the integration of these policies into newly developed firewall architectures.



Research Team

The research team assembled for this project includes Dr. Amiya Nayak, Dr. Abdulmotaleb El Saddik and Dr. Dominique Ferrand, all of whom bring unique and complementary expertise to this project. The team also includes two graduate students in engineering and computer science and one student in business.

  • Dr. Amiya Nayak, an associate professor at the School of Information Technology and Engineering (SITE) at the University of Ottawa, has over 15 years of industrial experience in software engineering in avionics and telecommunication applications. He brings considerable expertise to the research team in the areas of fault-tolerant computing, ad hoc networks, and distributed computing.

  • Dr. Abdulmotaleb El Saddik is an associate professor at the School of Information Technology and Engineering (SITE) at the University of Ottawa and the director of the Multimedia Communications Research Laboratory (MCRLab). He has wide expertise in software engineering development of configurable and adaptable component-based multimedia modules and large-scale learning systems.

  • Dr. Dominique Ferrand is an associate professor at the School of Management. His interests include information technology for e-commerce, e-business, management of information systems and tele-medicine. Dr. Ferrand is the Director of the Graduate Certificate in e-Business and e-Commerce at the University of Ottawa and the President of Interactive Multimedia Inc.



