-
CS Colloq: Modeling Human Behavior for Defense against Flash-Crowd Attacks
Wed, Feb 27, 2008 @ 03:30 PM - 05:00 PM
Thomas Lord Department of Computer Science
Conferences, Lectures, & Seminars
Title: Modeling Human Behavior for Defense against Flash-Crowd AttacksSpeaker: Dr. Jelena Mirkovic (ISI)ABSTRACT:
Flash-crowd attacks are the most vicious form of distributed denial
of service (DDoS). They flood the victim with service requests
generated from numerous bots. Attack requests are identical in
content to those generated by legitimate, human users, and bots send
at a low rate to appear non-aggressive --- these features defeat many
existing DDoS defenses. We propose defenses against flash-crowd
attacks via human behavior modeling, which differentiate bots from
human users. Current approaches to human-vs-bot differentiation, such
as graphical puzzles, are insufficient and annoying to users, whereas
our defenses are highly effective and transparent to humans. We have
developed three types of human behavior models: a) request dynamics
models learn several features of human interaction dynamics, and
detect bots that exhibit higher aggressiveness in one or more of
these features, b) request sequence models learn visit and
transitional probabilities of user requests; they detect bots that
generate valid but low-probability sequences, and c) deception
techniques embed human-invisible objects into server replies, and
flag users that visit them as bots. Our techniques raise the bar for
a successful attack to a botnet size that is accessible to less than
5%, and sometimes less than 1%, of attackers today.BIO:
Dr. Jelena Mirkovic is a computer scientist at USC/ISI, which she
joined in 2007. Previously she was an assistant professor at the
University of Delaware, 2003-2007.
She received her M.S. and Ph.D. from UCLA, and her B.S. in Computer
Science and Engineering from the School of Electrical Engineering,
University of Belgrade, Serbia. Her current research is focused on:
methodologies for security experimentation, computer worms and viruses,
denial-of-service attacks, and IP spoofing.Location: Hughes Aircraft Electrical Engineering Center (EEB) - 248
Audiences: Everyone Is Invited
Contact: CS Colloquia
