Network Denial of Service (DoS) attacks are increasing in frequency, severity and sophistication. Most previous work has focused on network DoS attacks that take advantage of a protocol to launch the attack. We take the broader view that DoS attack is any malicious action which reduces the availability of some resource to some users. Meanwhile, it is highly desirable to be able to measure quantitatively and verify claims pertaining to the security of IT systems and services. As the first attempt to quantify the resilience of a system to broad classes of network DoS attacks, we propose a novel benchmarking methodology and apply it to study the effect of a variety of attacks on directory services in a network setting. Preliminary simulations show the rough ranking of network DoS resilience among centralized directory services, replicated directory services and the newly-emerged distributed directory services, such as Tapestry. Finally, we discuss some potential approaches towards DoS resilience based on our experiments.




Download Full History