Sciencetext Tips & Tricks


Zombie Botnet Denial

October 1st, 2009 · by David Bradley

    Denial of Service (DoS) and distributed Denial of Service (DDoS) attacks are attempts to make a computer resource unavailable to its intended users; in the distributed case the traffic comes from many compromised machines at once, the "zombies" of a botnet. Often the motive is simply malicious, as when big commercial or famous web sites, such as Amazon, Yahoo, and Google, are hit with a DDoS attack.

    However, an attacker can also exploit the way a system responds to such an attack, using it to get past firewalls, into virtual private networks, and on to other private resources. A DoS attack can also take down an entire network, or even a whole section of the Internet.

    Some observers suggest that DoS attacks could be the Achilles' heel of cloud computing services, such as Google Wave, cloud-based antivirus, and the hosted image and file services that big websites depend on. Moreover, DDoS could underpin criminal activity and even cyber terrorism.

    Almost any internet application, cloud computing included, requires a user to log in before the application can be used, which makes the authentication server a natural choke point. A below-the-radar DoS attack aimed at it, one that stays under the thresholds that would trigger alarms, can take the application out at the critical moment, escape detection and leave the system operator facing painful consequences.

    To counter this, US researchers have developed a new type of filter that drops attack packets before they reach the authentication server, and does so cheaply enough that the system does not slow down while an attack is under way. The scheme is known as the Identity-Based Privacy-Protected Access Control Filter, or IPACF for short.

    Each packet the user's computer sends carries a filter value, a one-time secret, alongside a pseudo ID that is likewise good for a single use. The server needs only a quick check of these two values to decide whether to pass the packet on to the real authentication step. Because the pseudo ID stands in for the user's real identity, an eavesdropper learns nothing about who is connecting, and because both values change with every packet, an attacker can neither forge them nor usefully replay a captured packet, so attack packets are filtered out before they cost the server any authentication work.

    “IPACF provides user identity-based authentication with privacy protection so that a user can always obtain the information service even when the authentication server is bombarded with DoS attacks,” team leader John Wu of Auburn University, Alabama, told me. “This scheme will enable any service, including cloud computing, to provide time-critical Internet applications,” he says.

    "It also provides a means to detect the zombies in a botnet that are involved in the attacks due to their inability to detect the effectiveness of DoS attacks and will have to relaunch the DoS attack. This relaunch of the DoS attack will allow the detection of the command & control structure of the botnet."

    The scheme can filter out DoS attack packets and keep serving legitimate users even when DoS packets fill the network, so there is no collateral damage to time-critical applications, a property that matters for Internet applications in finance, medicine, the military, and elsewhere.
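To make the filtering step concrete, here is a small Python model of the two ideas described above: the one-time pseudo ID plus filter value that lets the server reject junk with a single cheap check, and the zombie detection Wu mentions, where hosts that keep sending filtered packets stand out. This is an added illustration, not code from Wu's group or from the IPACF paper, and the paper's actual derivation of the two values is not given on this page. The HMAC-SHA256-over-a-counter construction, the shared registration key, the packet layout (16-byte pseudo ID, 32-byte filter value, then payload), the drop threshold of 20, and the 203.0.113.x source addresses are all assumptions made for the example; the attack traffic is constructed inline.

```python
"""Illustrative model of a one-time pseudo-ID / filter-value front filter.

Added example, NOT the authors' IPACF implementation.  The construction
(HMAC-SHA256 over a shared registration key K and a per-user counter) is an
assumption chosen to give the properties the text describes: both values are
single-use, unforgeable without K, unlinkable to the real identity, and
checkable with one table lookup before any expensive authentication work.
"""
from __future__ import annotations

import hashlib
import hmac

PID_LEN = 16                 # bytes of pseudo ID in each packet (assumed packet format)
FV_LEN = 32                  # bytes of filter value (HMAC-SHA256 output)
ZOMBIE_DROP_THRESHOLD = 20   # assumed: sources with this many filtered packets get flagged


def _derive(key: bytes, label: bytes, counter: int) -> bytes:
    """Key-separated PRF: distinct labels keep pseudo ID and filter value independent."""
    return hmac.new(key, label + counter.to_bytes(8, "big"), hashlib.sha256).digest()


def pseudo_id(key: bytes, counter: int) -> bytes:
    return _derive(key, b"pseudo-id", counter)[:PID_LEN]


def filter_value(key: bytes, counter: int) -> bytes:
    return _derive(key, b"filter-value", counter)


class Client:
    """Holds the registration key K and a counter; every packet uses a fresh pair."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.counter = 0

    def next_packet(self, payload: bytes) -> bytes:
        pid = pseudo_id(self.key, self.counter)
        fv = filter_value(self.key, self.counter)
        self.counter += 1   # never reuse a pseudo ID / filter value pair
        return pid + fv + payload


class Server:
    """Front filter sitting in front of the real authentication server.

    The table is keyed by the *next expected* pseudo ID of every registered
    user, so an incoming packet is either found with one dict lookup or dropped
    at once; only on a hit is the filter value compared, in constant time.
    Unknown or forged packets never reach identity lookup or authentication.
    """

    def __init__(self) -> None:
        self.table = {}           # next expected pseudo ID -> (user, key, counter)
        self.stats = {"accepted": 0, "dropped_unknown": 0, "dropped_bad_fv": 0}
        self.drops_by_source = {}  # source address -> filtered packet count

    def register(self, user: str, key: bytes) -> None:
        self.table[pseudo_id(key, 0)] = (user, key, 0)

    def filter_packet(self, packet: bytes, src: str = "?"):
        """Return (user, payload) for a legitimate packet, or None if filtered."""
        pid = packet[:PID_LEN]
        fv = packet[PID_LEN:PID_LEN + FV_LEN]
        payload = packet[PID_LEN + FV_LEN:]
        entry = self.table.get(pid)
        if entry is None:
            return self._drop("dropped_unknown", src)
        user, key, counter = entry
        if len(fv) != FV_LEN or not hmac.compare_digest(fv, filter_value(key, counter)):
            # Wrong secret: drop, but do NOT consume the entry, so a flood of
            # packets carrying a sniffed pseudo ID cannot lock out the real user.
            return self._drop("dropped_bad_fv", src)
        # Genuine packet: retire this pseudo ID (replays now miss) and install the next.
        del self.table[pid]
        self.table[pseudo_id(key, counter + 1)] = (user, key, counter + 1)
        self.stats["accepted"] += 1
        return user, payload

    def _drop(self, reason: str, src: str):
        self.stats[reason] += 1
        self.drops_by_source[src] = self.drops_by_source.get(src, 0) + 1
        return None

    def suspected_zombies(self) -> list:
        """Sources that keep sending filtered packets.  A bot cannot tell its
        packets are being discarded, so it keeps relaunching and stands out."""
        return sorted(s for s, n in self.drops_by_source.items() if n >= ZOMBIE_DROP_THRESHOLD)


def simulate() -> dict:
    """Constructed scenario: one legitimate user logging in while ten zombies
    each blast 50 junk packets between every one of her packets."""
    server = Server()
    key = bytes(range(32))          # constructed registration key, not a real credential
    server.register("alice", key)
    alice = Client(key)
    accepted = 0
    for i in range(5):
        if server.filter_packet(alice.next_packet(b"login-step-%d" % i), src="10.0.0.5") is not None:
            accepted += 1
        for z in range(10):
            for _ in range(50):
                server.filter_packet(bytes(60), src="203.0.113.%d" % z)  # constructed attack traffic
    return {"alice_accepted": accepted, "zombies": server.suspected_zombies(), **server.stats}


if __name__ == "__main__":
    print(simulate())
```

Running simulate() shows all five of Alice's packets accepted, all 2,500 junk packets dropped on a hash-table miss without any cryptographic work, and all ten attacking addresses flagged as suspected zombies. Two caveats the toy leaves out: because each pair is strictly one-time, a packet captured and replayed before the genuine one arrives (or a genuine packet lost in transit) leaves the client and server out of step, so a real deployment needs a resynchronisation step; and the drop counter is per source address, which spoofed-source floods would defeat, so the paper's detection presumably relies on more than that.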

    Chwan-Hwa Wu, Tong Liu, Chun-Ching Huang, & J. David Irwin (2009). Modelling and simulations for Identity-Based Privacy-Protected Access Control Filter (IPACF) capability to resist massive denial of service attacks. Int. J. Information and Computer Security, 3(2), 195-223.