TY - GEN
T1 - Implementing a "moving target" system to protect servers
AU - Taylor, Curtis
AU - Shue, Craig
PY - 2011
Y1 - 2011
N2 - On the Internet, attackers often compromise systems owned by other people and group these systems into a "botnet" to launch attacks automatically. Current methods to prevent such automated attacks are either application-specific or use signatures that can miss some attacks. We take a different approach by making a key observation: while attackers have a low success rate, they often compensate for it by launching more attacks. To have high throughput, attackers take shortcuts and break protocols. We address these issues by implementing a system that can detect malicious activity and block attacks. We tested this system on a small network and found that it is effective, requires no administrative overhead, and has low performance overheads.
AB - On the Internet, attackers often compromise systems owned by other people and group these systems into a "botnet" to launch attacks automatically. Current methods to prevent such automated attacks are either application-specific or use signatures that can miss some attacks. We take a different approach by making a key observation: while attackers have a low success rate, they often compensate for it by launching more attacks. To have high throughput, attackers take shortcuts and break protocols. We address these issues by implementing a system that can detect malicious activity and block attacks. We tested this system on a small network and found that it is effective, requires no administrative overhead, and has low performance overheads.
KW - DNS
KW - Network
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=84862867825&partnerID=8YFLogxK
U2 - 10.1145/2179298.2179390
DO - 10.1145/2179298.2179390
M3 - Conference contribution
AN - SCOPUS:84862867825
SN - 9781450309455
T3 - ACM International Conference Proceeding Series
BT - 7th Annual Cyber Security and Information Intelligence Research Workshop
T2 - 7th Annual Cyber Security and Information Intelligence Research Workshop: Energy Infrastructure Cyber Protection, CSIIRW11
Y2 - 12 October 2011 through 14 October 2011
ER -