{"id":8878,"date":"2016-05-31T10:14:14","date_gmt":"2016-05-31T10:14:14","guid":{"rendered":"http:\/\/revoscience.com\/en\/?p=8878"},"modified":"2016-05-31T10:14:14","modified_gmt":"2016-05-31T10:14:14","slug":"the-internet-defender","status":"publish","type":"post","link":"https:\/\/www.revoscience.com\/en\/the-internet-defender\/","title":{"rendered":"The Internet Defender"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n

Leading the fight against online troublemakers is computer security expert SMU Visiting Professor Virgil Gl<\/strong><\/h1>\n
\"Photo<\/a>
Photo Credit: Cyril Ng<\/figcaption><\/figure>\n

<\/h1>\n
\n

By Shuzhen Sim | SMU<\/a><\/strong><\/p>\n<\/div>\n

SMU Office of Research\u00a0<\/strong>\u2013<\/strong>\u00a0<\/em>Distributed Denial-of-Service (DDoS) attacks are increasingly in the news, and are becoming ever more sophisticated and larger in scale. In these attacks, an adversary tries to overwhelm and crash important services such as government websites, bank servers and credit card payment gateways by flooding them with messages that originate from thousands of different Internal Protocol (IP) addresses.<\/span><\/p>\n

Leading the fight against this scourge is computer security expert Virgil Gligor, visiting professor at the Singapore Management University (SMU) School of Information Systems (SIS).<\/span><\/p>\n

On sabbatical from Carnegie Mellon University in the United States, where he is a professor in the Department of Electrical and Computer Engineering, Professor Gligor is no stranger to Singapore. He first visited in the early 1980s to deliver lectures on computer security at the invitation of then-National Computer Board. Since then, he has also served on the advisory board of SIS. This time, he hopes to establish collaborations with local researchers in the areas of trustworthy computing systems and applied cryptographic protocols.<\/span><\/p>\n

Finding and thwarting DDoS attacks<\/strong><\/p>\n

\u201cAs technology advances, and as the Internet connects more people and more services, the possibility and real examples of DDoS have increased in number,\u201d says Professor Gligor.<\/span><\/p>\n

Besides their potential to disrupt important services, there may also be a more insidious side to these attacks, Professor Gligor notes. The use of DDoS as a threat to extort payments from companies is on the rise, and there is evidence that some countries have launched politically motivated attacks against services in other nation states.<\/span><\/p>\n

Professor Gligor is working to anticipate and discover new classes of DDoS attacks that could potentially target vulnerable spots on the Internet. \u201cIn order to look for defences against new problems, you have to find the new problems,\u201d he explains.<\/span><\/p>\n

He has shown, for example, that routing bottlenecks\u2014key routers with links to many hosts\u2014arise as a natural property of the Internet. Their highly connected nature, however, makes them an ideal target for DDoS attacks. The research has been published in a conference paper \u201c<\/span>Routing Bottlenecks in the Internet: Causes, Exploits, and Countermeasures<\/a>\u201d in the<\/span>Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security.<\/em><\/p>\n

In scenarios known as crossfire attacks\u2014discovered by Professor Gligor and students and published in a conference paper \u201c<\/span>The Crossfire Attack<\/a>\u201d in the\u00a0<\/span>2013 IEEE Symposium on Security and Privacy<\/em>\u2014the adversary attempts to flood and crash these routers by sending them traffic from tens of thousands of bots under its control. Such attacks have the potential to disrupt communications on a large scale\u2014an entire city, state or small country could be cut off from the outside world.<\/span><\/p>\n

Probing the Internet\u2019s weak spots<\/strong><\/p>\n

DDoS attacks are relatively new problems that are extremely difficult to prevent or resolve, says Professor Gligor. \u201cTwenty years ago, there were very few instances of distributed computations that could attack a particular website. An adversary could not gather so much computing capacity,\u201d he explains.<\/span><\/p>\n

Now, however, economics is on the side of the adversary, who can buy bots by the thousand on the \u201cbot market\u201d\u2014likely an offshoot of the spamming industry\u2014at very low prices. In contrast, it costs a lot more for the defender to increase the bandwidths of key routers, which would help mitigate the flooding.\u00a0<\/span><\/p>\n

DDoS attacks also tend to be stealthy. Bot networks generate low-intensity traffic that is indistinguishable from legitimate traffic, making attacks hard to detect until it is too late. In addition, bottleneck routers often belong to different Internet service providers (ISPs). Since bot traffic on an individual router is often not intense enough to raise an alarm, the only way to detect an attack is for ISPs to communicate with each other. In practice, however, these companies are more likely to compete than to collaborate.<\/span><\/p>\n

Possible solutions, says Professor Gligor, include reversing the cost asymmetry, or forcing the adversary into a conflict-of-interest situation. The latter option might involve having the attacked router instruct its sources to reroute their traffic. If the adversary complies, the attack is unsuccessful; if it does not, then the traffic stands out as adversarial.<\/span><\/p>\n

Such deterrents, however, only work if the adversary is rational. This may not always be the case\u2014political attacks, for example, might involve irrational or cost-insensitive adversaries.<\/span><\/p>\n

In addition to theoretical analysis, Professor Gligor and his colleagues also use simulations and real Internet measurements to test their hypotheses and propose solutions. Tracing packet routes from presumed locations of bots, for example, allows them to detect routing bottlenecks in the network of a bank\u2019s website. In the laboratory, they then simulate attacks on these routers, working out important parameters such as bottleneck size, cost, impact and overall feasibility.<\/span><\/p>\n

The future of computer security<\/strong><\/p>\n

A major threat that users will continue to face in the future, says Professor Gligor, is the presence of security loopholes in computer software. While it costs little for software makers to enter the market, there are no regulations stipulating basic levels of security for their products. Software makers also absolve themselves of liability through End User License Agreements.<\/span><\/p>\n

This combination of factors has had a tremendous effect on software innovation, says Professor Gligor. Further compounding the problem, there are also no incentives for programmers to produce secure software\u2014an undertaking which requires much more time and effort. \u00a0<\/span><\/p>\n

\u201cSecurity is going to remain a problem of fundamental importance for many years to come. It\u2019s not something we can solve with a silver bullet,\u201d he says. \u201cAs technology advances and becomes more complex\u2014and more useful in many ways\u2014there will be more avenues of attack.\u201d<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Distributed Denial-of-Service (DDoS) attacks are increasingly in the news, and are becoming ever more sophisticated and larger in scale. <\/p>\n","protected":false},"author":2,"featured_media":8879,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[47],"tags":[],"class_list":["post-8878","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"featured_image_urls":{"full":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",2304,1536,false],"thumbnail":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu-150x150.jpg",150,150,true],"medium":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu-300x200.jpg",300,200,true],"medium_large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",750,500,false],"large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu-1024x682.jpg",750,500,true],"1536x1536":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",1536,1024,false],"2048x2048":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",2048,1365,false],"ultp_layout_landscape_large":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",1200,800,false],"ultp_layout_landscape":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",855,570,false],"ultp_layout_portrait":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",600,400,false],"ultp_layout_square":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",600,400,false],"newspaper-x-single-post":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",735,490,false],"newspaper-x-recent-post-big":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",540,360,false],"newspaper-x-recent-post-list-image":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",95,63,false],"web-stories-poster-portrait":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",640,427,false],"web-stories-publisher-logo":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",96,64,false],"web-stories-thumbnail":["https:\/\/www.revoscience.com\/en\/wp-content\/uploads\/2016\/05\/Professor-Virgil-Gligor_smu.jpg",150,100,false]},"author_info":{"info":["RevoScience"]},"category_info":"IT<\/a>","tag_info":"IT","comment_count":"0","_links":{"self":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts\/8878","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/comments?post=8878"}],"version-history":[{"count":0,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/posts\/8878\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/media\/8879"}],"wp:attachment":[{"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/media?parent=8878"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/categories?post=8878"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.revoscience.com\/en\/wp-json\/wp\/v2\/tags?post=8878"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}