Botnets are typically used to stage distributed denial of service (DDoS) attacks against commercial sites. DDoS attacks can disable critical infrastructure across the globe. Few effective countermeasures exist. A proposed set of experiments will quantify the factors responsible for DDoS vulnerability and will verify solutions for neutralizing those attacks. In addition, repressive nations use network monitoring to identify and prosecute their opponents. Timing vulnerabilities in anonymity systems put dissidents in repressive regimes in potential danger. Flaws in anonymity systems will be quantified and a new approach to safeguarding privacy will be confirmed.

The GENI network infrastructure enables security research that has not been possible before due to potential disruption to production networks. This project will carry out a number of security and privacy experiments that include:

- WiMAX DDoS analysis with analysis of variance finding vulnerable control parameter settings;
- Privacy/Anonymity side-channel Hidden Markov Models (HMMs) will be inferred to break anonymity systems;
- DDoS traffic measurement to map attack severity vs. network topology;
- Side-channel vulnerability removal protocol tested at scale; and
- DDoS countermeasure testing to neutralize DDoS attacks.

This research has the potential to change the landscape of network security and privacy. Graduate students will have abundant opportunities to carry out experiments on a network infrastructure that allows them to fully explore these research challenges at scale.

Project Report

Progress: Completed a Master’s thesis on "Reverse Engineering: WiMAX and IEEE 802.16e". The thesis documents the process used during the GENI WiMAX research, summarizing results and important information. Investigated the R6+ protocol running between the ASN-GW and BS by completing traffic captures. Analyzed kernel log files for various settings of WiMAX debug parameter levels. Found some receive traffic that may contain the system parameters. Investigated four techniques for setting the system parameters of WiMAX separately and independently from the BS. Performed more than 150 DDoS attacks on our experiment setup and collected observations to test DDoS detection approaches using operational background traffic and real DDoS attacks. I have completed testing a cusum and 2 wavelet-based DDoS detection approaches. I have also completed the analysis of the collected test data and am working on the final revisions of the paper that presents our results. I have completed collecting data to test entropy-based DDoS detection approaches. We have completed the code for analyzing the observations and performing spoofing attacks to convince entropy-based detection approaches. Preliminary study for the DDoS mitigation approach has been completed. I have started the implementation of the mitigation system.

Publications:

- I. Ozcelik, Yu Fu and R. Brooks, "DoS Detection is Easier Now," in 2nd GENI Research and Educational Experiment Workshop, Salt Lake City, Utah, March 2013.
- I. Ozcelik and R. R. Brooks, "Operational system testing for designed in security," in Proceedings of the Eighth Annual Workshop on Cyber Security and Information Intelligence Research, CSIIRW ’12, (New York, NY, USA), ACM, 2013.
- K. Cameron, R. Brooks, "Cost-Effective Quality Assurance of Wireless Network Security," in Proceedings of 8th Annual Workshop on Cyber Security and Information Intelligence Research, ACM, January 2013.
- R. R. Brooks, Oluwakemi Hambolu, Paul Marusich, Yu Fu and Saiprasad Balachandran, "Creating a Tailored Trustworthy Space for Democracy Advocates using Hostile Hosts," in Proceedings of 8th Annual Workshop on Cyber Security and Information Intelligence Research, ACM, January 2013.
- Chen Lu, R. Brooks, "Timing Analysis in P2P Botnet Traffic Using Probabilistic Context-Free Grammars," in Proceedings of 8th Annual Workshop on Cyber Security and Information Intelligence Research, ACM, January 2013.
- L. Yu and R. R. Brooks, "Applying POMDP to moving target optimization," in Proceedings of 8th Annual Workshop on Cyber Security and Information Intelligence Research, ACM, January 2013.
- K. Cameron, R. Brooks, J. Deng, "WiMAX: Bandwidth Contention Resolution, Vulnerability to Denial of Service Attacks," GENI Research and Experimenter Education, GREE 12, March 2012.
- I. Ozcelik and R. Brooks, "Performance analysis of ddos detection methods on real network," in GENI Research and Educational Experiment Workshop, March 2012.
- Richard R. Brooks, Christopher Griffin, David S. Friedlander, J. Koch and I. Ozcelik, "Target tracking with self organizing distributed sensors," in Image and Sensor Signal Processing (S. S. Iyengar and R. R. Brooks, eds.), Chapman and Hall / CRC, 2012.
- I. Ozcelik and R. R. Brooks, "Security experimentation using operational systems," in Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research, CSIIRW ’11, (New York, NY, USA), pp. 79:1–79:1, ACM, 2011.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1049765
Program Officer: Joseph Lyles
Project Start:
Project End:
Budget Start: 2010-09-01
Budget End: 2013-08-31
Support Year:
Fiscal Year: 2010
Total Cost: $100,000
Indirect Cost:

Name: Clemson University
Department:
Type:
DUNS #:
City: Clemson
State: SC
Country: United States
Zip Code: 29634