QUT ePrints

Denial of service : prevention, modelling and detection

Smith, Jason (2007) Denial of service : prevention, modelling and detection. PhD thesis, Queensland University of Technology.

Abstract

This research investigates the denial of service problem, in the context of services provided over a network, and contributes to improved techniques for modelling, detecting, and preventing denial of service attacks against these services. While the majority of currently employed denial of service attacks aim to pre-emptively consume the network bandwidth of victims, a significant amount of research effort is already being directed at this problem. This research is instead concerned with addressing the inevitable migration of denial of service attacks up the protocol stack to the application layer. Of particular interest is the denial of service resistance of key establishment protocols (security protocols that enable an initiator and responder to mutually authenticate and establish cryptographic keys for establishing a secure communications channel), which owing to the computationally intensive activities they perform, are particularly vulnerable to attack. Given the preponderance of wireless networking technologies this research hasalso investigated denial of service and its detection in IEEE 802.11 standards based networks. Specific outcomes of this research include: - investigation of the modelling and application of techniques to improve the denial of service resistance of key establishment protocols; - a proposal for enhancements to an existing modelling framework to accommodate coordinated attackers; - design of a new denial of service resistant key establishment protocol for securing signalling messages in next generation, mobile IPv6 networks; - a comprehensive survey of denial of service attacks in IEEE 802.11 wireless networks; discovery of a significant denial of service vulnerability in the clear channel assessment procedure implemented by the medium access control layer of IEEE 802.11 compliant devices; and - design of a novel, specification-based intrusion detection system for detecting denial of service attacks in IEEE 802.11 wireless networks.

Impact and interest:

Citation countsare sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

1,141 since deposited on 03 Dec 2008
144 in the past twelve months

Full-text downloadsdisplays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 16392
Item Type: QUT Thesis (PhD)
Supervisor: Russell, Selwyn, Gonzalez Nieto, Juan, & Looi, Mark
Keywords: denial of service resistance, key establishment, attack prevention, specificationbased intrusion detection, security modelling, cost-based modelling, mobile IP, IEEE 802.11 wireless networks, crypto-based identifiers.
Divisions: Current > QUT Faculties and Divisions > Division of Research and Commercialisation
Past > Institutes > Information Security Institute
Department: Cross-Faculty Collaboration
Institution: Queensland University of Technology
Copyright Owner: Copyright Jason Smith
Deposited On: 03 Dec 2008 14:02
Last Modified: 29 Oct 2011 05:47

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page