-
The Time for Reconstructing the Attack Graph in DDoS Attacks
Authors:
Dina Barak-Pelleg,
Daniel Berend
Abstract:
Despite their frequency, denial-of-service (DoS) and distributed-denial-of-service (DDoS) attacks are difficult to prevent and trace, thus posing a constant threat. One of the main defense techniques is to identify the source of attack by reconstructing the attack graph, and then filter the messages arriving from this source. One of the most common methods for reconstructing the attack graph is Probabilistic Packet Marking (PPM). We focus on edge-sampling, which is the most common method. Here, we study the time, in terms of the number of packets, the victim needs to reconstruct the attack graph when there is a single attacker. This random variable plays an important role in the reconstruction algorithm. Our main result is a determination of the asymptotic distribution and expected value of this time.
The process of reconstructing the attack graph is analogous to a version of the well-known coupon collector's problem (with coupons having distinct probabilities). Thus, the results may be used in other applications of this problem.
Submitted 11 April, 2023;
originally announced April 2023.
-
Algorithms for Reconstructing DDoS Attack Graphs using Probabilistic Packet Marking
Authors:
Dina Barak-Pelleg,
Daniel Berend,
Thomas J. Robinson,
Itamar Zimmerman
Abstract:
DoS and DDoS attacks are widely used and pose a constant threat. Here we explore Probabilistic Packet Marking (PPM), one of the important methods for reconstructing the attack graph and detecting the attackers. We present two algorithms. Differently from others, their stopping time is not fixed a priori. It rather depends on the actual distance of the attacker from the victim. Our first algorithm returns the graph at the earliest feasible time, and turns out to guarantee high success probability. The second algorithm enables attaining any predetermined success probability at the expense of a longer runtime. We study the performance of the two algorithms theoretically, and compare them to other algorithms by simulation. Finally, we consider the order in which the marks corresponding to the various edges of the attack graph are obtained by the victim. We show that, although edges closer to the victim tend to be discovered earlier in the process than farther edges, the differences are much smaller than previously thought.
Submitted 11 April, 2023;
originally announced April 2023.
-
Maximum of Exponential Random Variables, Hurwitz's Zeta Function, and the Partition Function
Authors:
Dina Barak-Pelleg,
Daniel Berend,
Grigori Kolesnik
Abstract:
A natural problem in the context of the coupon collector's problem is the behavior of the maximum of independent geometrically distributed random variables (with distinct parameters). This question has been addressed by Brennan et al. (British J. of Math. & CS. 8 (2015), 330-336). Here we provide explicit asymptotic expressions for the moments of that maximum, as well as of the maximum of exponential random variables with corresponding parameters. We also deal with the probability of each of the variables being the maximal one.
The calculations lead to expressions involving Hurwitz's zeta function at certain special points. We find here explicitly the values of the function at these points. Also, the distribution function of the maximum we deal with is closely related to the generating function of the partition function. Thus, our results (and proofs) rely on classical results pertaining to the partition function.
Submitted 7 May, 2020;
originally announced May 2020.
-
A Model of Random Industrial SAT
Authors:
Dina Barak-Pelleg,
Daniel Berend,
J. C. Saunders
Abstract:
One of the most studied models of SAT is random SAT. In this model, instances are composed from clauses chosen uniformly randomly and independently of each other. This model may be unsatisfactory in that it fails to describe various features of SAT instances, arising in real-world applications. Various modifications have been suggested to define models of industrial SAT. Here, we focus mainly on the aspect of community structure. Namely, here the set of variables consists of a number of disjoint communities, and clauses tend to consist of variables from the same community. Thus, we suggest a model of random industrial SAT, in which the central generalization with respect to random SAT is the additional community structure.
There has been a lot of work on the satisfiability threshold of random $k$-SAT, starting with the calculation of the threshold of $2$-SAT, up to the recent result that the threshold exists for sufficiently large $k$.
In this paper, we endeavor to study the satisfiability threshold for the proposed model of random industrial SAT. Our main result is that the threshold in this model tends to be smaller than its counterpart for random SAT. Moreover, under some conditions, this threshold even vanishes.
Submitted 3 February, 2022; v1 submitted 31 July, 2019;
originally announced August 2019.