Denial of Service (DoS) attacks on network storage
Traditionally, storage in the nodes of the network have be used to store routing tables and for extremely temporary storage while forwarding network traffic. So, it is primarily used for buffering traffic queued up to be forwarded. In the networks of today, increasingly, network storage that is used longer term is being provisioned to improve communication even more effectively. An application layer version of this is the caching provided in content distribution networks (CDNs). With the increased prevalence of network storage, it is becoming increasingly critical to effective operation and therefore is increasingly likely to become a target of denial-of-service (DoS) attacks. At points in this work where we focus on particular network protocols, the contexts will be CoAP (and HTTP) and their supporting protocols for a Internet-of-Things context and the Bundle Protocol (defined by the Delay Tolerant Networking Architecture, used for both extraterrestrial communication and delay-challenged terrestrial networking). This is the context for this set of projects.
There are several undergraduate summer projects for which we seek students. They include:
- UCSD has a dataset generated in their Network Telescope that is only malicious traffic. In order to learn more about the types and categories of malicious traffic, this project will analyze this data set. The effort will include operating on an extremely large data set, tools for statistical analysis, and graphical tools for visualizing the interesting discoveries we make in this data. The analysis of this traffic will be a driver for later research in considering types of traffic that will lead to DoS attacks on network storage (as discussed in the intro). This is likely to be a single student project.
- The application of machine learning to the code running in a node that is utilizing network storage. We have some extremely simple tools that simply provide a “heat” metric to the processes in the protocol stack in a node, to reflect differences in invocation of the code between attack and non-attack situations. We will build a set of features with respect to process invocation and apply machine learning to provide a significantly improved prediction of the impact of code invocation under DoS attacks. To begin, we will begin with a simple protocol stack including CoAP (a simple HTTP-like protocol), UDP, and IP because that is commonly used in Internet-of-Things (IoT) situations. If time and personnel permit we will extend this to HTTP, because for many IoT environments, there is protocol translation that occurs between HTTP and CoAP. This project is likely to require at least 2 students. It will require having taken 6.036.
- The application of machine learning to the valid traffic patterns for applications. One of the subtle challenges we face is that it is often the case that legitimate traffic is utilized to launch DoS attacks. There has been much work done on eliminating illegitimate traffic, but the utilization of legitimate traffic for malicious purposes is more challenging. This pair of projects will begin to develop patterns of usage of legitimate traffic that itself can be an increasing drain on network storage when used in targeted ways. By beginning to identify those patterns of inappropriate usage, we can begin to generalize the patterns of misuse. We will begin parallel efforts here one in the IoT space and one in the Delay-Tolerant Network (DTN) Bundle Protocol space. This describes projects for 2 students, and requires at least having taken 6.033, and preferably also 6.02.
- Strong programming skills: necessary
- Experience with large data sets
- Data analytics: statistics and/or machine learning experience as appropriate for the projects. (6.036 for the 2nd and 3rd sets of projects)
- Network protocol knowledge (minimum of 6.033 and preferably 6.02)
- Operating systems experience (especially for the 2nd project)
- Send resume and description of projects you have done that are relevant to these projects.
Please send both a resume and a list of projects you have done that are relevant to this work, including your role in the projects.