Implementing a "moving target" system to protect servers

Curtis Taylor, Craig Shue

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

On the Internet, attackers often compromise systems owned by other people and group these systems into a "botnet" to launch attacks automatically. Current methods to prevent such automated attacks are either are application-specific or use signatures that can that can miss some attacks. We take a different approach by making a key observation: while attackers have a low success rate, they often compensate for it by launching more attacks. To have high throughput, attackers take shortcuts and break protocols. We address these issues by implementing a system that can detect malicious activity and block attacks. We tested this system on a small network and found that it is effective, requires no administrative overhead, and has low performance overheads.

Original languageEnglish
Title of host publication7th Annual Cyber Security and Information Intelligence Research Workshop
Subtitle of host publicationEnergy Infrastructure Cyber Protection, CSIIRW11
DOIs
StatePublished - 2011
Externally publishedYes
Event7th Annual Cyber Security and Information Intelligence Research Workshop: Energy Infrastructure Cyber Protection, CSIIRW11 - Oak Ridge, TN, United States
Duration: Oct 12 2011Oct 14 2011

Publication series

NameACM International Conference Proceeding Series

Conference

Conference7th Annual Cyber Security and Information Intelligence Research Workshop: Energy Infrastructure Cyber Protection, CSIIRW11
Country/TerritoryUnited States
CityOak Ridge, TN
Period10/12/1110/14/11

Keywords

  • DNS
  • Network
  • Security

Fingerprint

Dive into the research topics of 'Implementing a "moving target" system to protect servers'. Together they form a unique fingerprint.

Cite this