Characterizing stateful resource attacks using modeling and simulation

Denial of Service (DoS) attacks come in a variety of types and can target groups of users, individual users or entire computer systems. With the ever-increasing reliance on networked information systems for command and control of military systems-not to mention communications infrastructures-relatively simple attacks that degrade or deny service can have devastating effects. We have modeled and validated a variety of DoS attacks and have executed these models against a validated target network model, whose architecture and stochastic behavior is varied for analysis purposes. We have conducted a systems analysis using these models and have characterized attack effects. This paper describes the analysis of two attacks, each of which consumes resources at a server. Output from our model includes the probability of denied service and service time under attack and no attack conditions. Our objective is to identify attack classes and characterize attack behavior within a class, so that the behavior of new attacks falling within a class can be anticipated and defended against. Copyright (C) 2002 John Wiley Sons, Ltd.