*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Atlanta, GA | Posted: August 21, 2018
Tess Malone, Communications Officer
Summary Sentence:
SCS researchers created Rampart to block denial of service attacks.
Full Summary:
No summary paragraph submitted.
RampartGeorgia Tech School of Computer Science (SCS) researchers have developed a proactive defense tool that can identify and prevent denial of service (DoS) attacks.
Typically, DoS attacks shut down web applications by sending too many access requests to a server. Now, more sophisticated, a single complex attack request can render a website unusable and be impossible to detect.
Rampart, the new defense tool developed at Georgia Tech, is designed to counter these DoS advances. It models all access requests to see how many resources they use then builds a statistical model from the data. When a new request arrives, Rampart verifies it against the statistical model to detect suspicious run times that deviate from the average. Any suspicious request will be cancelled or temporarily suspended to ensure it doesn’t take over the web application.
If Rampart detects a true attack, it deploys a filtering rule to block any similar suspicious requests. To ensure legitimate users aren’t affected, Rampart removes the filter once the attack ends and periodically reevaluates all filters and deactivates any false positives.
Whereas the traditional detection mechanisms passively report vulnerabilities, requiring developers to manually fix them in each development, Rampart offers an immediate solution.
“Rampart is a real-time defense mechanism that does not require the source code to prevent sophisticated CPU-exhaustion attacks,” said SCS Ph.D. student Chenxiong Qian. “Rampart demonstrates the possibility of the proactive defense mechanism, which we think is a good alternative that the security industry can adopt.”
The researchers recommend applying Rampart along with other existing network-based defense mechanisms to protect web servers.
Rampart was presented at USENIX in the paper, Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks, by SCS’s Qian and Professor Wenke Lee; Chinese University of Hong Kong and Tech alumnus Wei Meng; University of Texas at Dallas’s Shuang Hao; and University of California, Santa Barbara’s Kevin Borgolte, Giovanni Vigna, and Christopher Kruegel.
