School of Computer Science Researchers Prevent Denial of Service Attacks

Georgia Tech School of Computer Science (SCS) researchers have developed a proactive defense tool that can identify and prevent denial of service (DoS) attacks.

Typically, DoS attacks shut down web applications by sending too many access requests to a server. Attacks have since become more sophisticated: a single complex request can render a website unusable and be impossible to detect.

Rampart, the new defense tool developed at Georgia Tech, is designed to counter these DoS advances. It models all access requests to see how many resources they use, then builds a statistical model from the data. When a new request arrives, Rampart verifies it against the statistical model to detect suspicious run times that deviate from the average. Any suspicious request will be cancelled or temporarily suspended to ensure it doesn’t take over the web application.

If Rampart detects a true attack, it deploys a filtering rule to block any similar suspicious requests. To ensure legitimate users aren’t affected, Rampart removes the filter once the attack ends and periodically reevaluates all filters and deactivates any false positives.
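The loop described above (profile, detect, suspend, filter, expire) can be sketched as follows. This is an added illustration, not Rampart's code: the class names, the 3-sigma limit, the two-strike rule and the 60-second filter lifetime are all assumptions, and CPU time is passed in as a number rather than measured while the request runs.

```python
import math
from collections import defaultdict

K_SIGMA, MIN_SAMPLES = 3.0, 5   # assumed outlier threshold and warm-up size
STRIKES, FILTER_TTL = 2, 60.0   # assumed: outliers before filtering, filter lifetime (s)

class CpuProfile:
    """Running mean/variance of per-request CPU time (Welford's algorithm)."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0
    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)
    def limit(self):
        if self.n < MIN_SAMPLES:
            return math.inf          # not enough data to judge yet
        std = math.sqrt(self.m2 / (self.n - 1))
        return self.mean + K_SIGMA * std

class Monitor:
    def __init__(self):
        self.profiles = defaultdict(CpuProfile)   # endpoint -> profile
        self.strikes = defaultdict(int)           # (endpoint, signature) -> outliers seen
        self.filters = {}                         # (endpoint, signature) -> expiry time
    def handle(self, endpoint, signature, cpu_seconds, now):
        key = (endpoint, signature)
        if key in self.filters:
            if now < self.filters[key]:
                return "blocked"                  # filter active: rejected up front
            del self.filters[key]                 # filter expired: re-evaluate normally
            self.strikes[key] = 0
        profile = self.profiles[endpoint]
        if cpu_seconds > profile.limit():
            self.strikes[key] += 1
            if self.strikes[key] >= STRIKES:      # repeated outlier: treat as an attack
                self.filters[key] = now + FILTER_TTL
            return "suspended"                    # outliers never feed the model
        profile.update(cpu_seconds)
        return "served"

def demo():
    """Constructed traffic: ten normal searches, then a repeated expensive one."""
    m = Monitor()
    out = [m.handle("/search", "q=short", 0.10 + 0.01 * (i % 3), float(i)) for i in range(10)]
    out += [m.handle("/search", "q=heavy", 4.0, t) for t in (10.0, 11.0, 12.0)]
    out.append(m.handle("/search", "q=heavy", 0.11, 80.0))   # after the filter expired
    return out
```

Keeping flagged requests out of the profile prevents a sustained attack from shifting the baseline it is measured against.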

Whereas traditional detection mechanisms passively report vulnerabilities, requiring developers to manually fix them in each development, Rampart offers an immediate solution.

“Rampart is a real-time defense mechanism that does not require the source code to prevent sophisticated CPU-exhaustion attacks,” said SCS Ph.D. student Chenxiong Qian. “Rampart demonstrates the possibility of the proactive defense mechanism, which we think is a good alternative that the security industry can adopt.”

The researchers recommend applying Rampart along with other existing network-based defense mechanisms to protect web servers.

Rampart was presented at USENIX in the paper, Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks, by SCS’s Qian and Professor Wenke Lee; Chinese University of Hong Kong and Tech alumnus Wei Meng; University of Texas at Dallas’s Shuang Hao; and University of California, Santa Barbara’s Kevin Borgolte, Giovanni Vigna, and Christopher Kruegel.

Contact: 

Tess Malone, Communications Officer

tess.malone@cc.gatech.edu