COLLOQUIUM
Computer Science Department, Boston University

Speaker: Dina Katabi, MIT
Date: Wednesday, November 16
Time: 11:00
Place: Room MCS 135, 111 Cummington Street (for directions, see www.cs.bu.edu/colloquium)

Title: Surviving Denial of Service Attacks that Mimic Legitimate Browsing

Abstract:
Recent denial of service attacks are mounted by professionals using botnets of tens of thousands of compromised machines. To circumvent detection, attackers are increasingly moving away from bandwidth floods to attacks that mimic the Web browsing behavior of a large number of clients and target expensive higher-layer resources such as CPU, database and disk bandwidth. The resulting attacks are hard to defend against using standard techniques, as the malicious requests differ from the legitimate ones in intent but not in content.

This talk presents Kill-Bots, a system for protecting Web servers against DDoS attacks that masquerade as flash crowds. Kill-Bots provides authentication using graphical tests, but differs from other systems that use graphical tests in three ways. First, it deals with the tests' bias against users who cannot solve them: instead of authenticating a user based on her ability to solve a graphical test, Kill-Bots authenticates users based on their reaction to a graphical test. It identifies IP addresses that ignore the test and persistently bombard the server with requests despite repeated failures at solving the tests. These machines are bots, because their intent is to congest the server. Once these machines are identified, Kill-Bots blocks their requests, turns the graphical tests off, and allows access to legitimate users who are unable or unwilling to solve graphical tests. Second, Kill-Bots sends a test and checks the client's answer without allowing unauthenticated clients access to sockets, TCBs, and worker processes; thus it protects the authentication mechanism itself from being DDoSed. Third, Kill-Bots combines authentication with admission control. As a result, it improves performance regardless of whether the server overload is caused by a DDoS or a true flash crowd.

Biography:
Dina Katabi is an Assistant Professor in the Department of Electrical Engineering and Computer Science at MIT and a member of the Computer Science and Artificial Intelligence Laboratory (CSAIL). She received her PhD and MS from MIT in 2003 and 1999, and her Bachelor of Science from Damascus University in 1995. She was awarded an NSF CAREER award in 2005. Her doctoral dissertation won an ACM Honorable Mention award and a Sprowls award for academic excellence. She has award-winning papers in SIGCOMM 2000 and NSDI 2005. Professor Katabi's research interests are in computer networks. They encompass wireless networks, congestion control, routing and traffic engineering, Internet measurements and analysis, and network security.

Host: Azer Bestavros
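As an added illustration (not Kill-Bots' own code and not part of the announcement), the following Python sketch models the reaction-based classification described in the abstract: per-IP counters of ignored and failed tests, blocking of addresses that keep requesting anyway, and switching the tests off once no new bots appear so that users who cannot solve them get through. The thresholds, the "quiet window" heuristic and the request stream are constructed assumptions, and the admission-control part of the real system is omitted.

```python
from collections import defaultdict


class ReactionFilter:
    """Classify clients by how they react to a graphical test, not by whether they solve it."""

    def __init__(self, max_unanswered=3, max_wrong=3, quiet_window=5):
        self.max_unanswered = max_unanswered  # re-requests that ignore the test before an IP counts as a bot
        self.max_wrong = max_wrong            # failed answers tolerated before an IP counts as a bot
        self.quiet_window = quiet_window      # requests with no newly found bot before tests are switched off
        self.unanswered = defaultdict(int)
        self.wrong = defaultdict(int)
        self.authenticated = set()
        self.blocked = set()
        self.tests_on = True
        self.since_last_block = 0

    def handle(self, ip, response):
        """Decide one request; response is 'ok' (solved), 'wrong' (failed) or None (ignored the test)."""
        if ip in self.blocked:
            return "drop"                     # identified bot: no socket, no worker process
        if ip in self.authenticated or not self.tests_on:
            return "serve"                    # tests off: users who cannot solve them get through
        if response == "ok":
            self.authenticated.add(ip)
            action = "serve"
        else:
            if response == "wrong":
                self.wrong[ip] += 1
            else:
                self.unanswered[ip] += 1
            if self.unanswered[ip] >= self.max_unanswered or self.wrong[ip] >= self.max_wrong:
                self.blocked.add(ip)          # keeps hammering despite ignoring/failing tests: a bot
                self.since_last_block = 0
                return "drop"
            action = "challenge"
        self.since_last_block += 1
        if self.since_last_block >= self.quiet_window:
            self.tests_on = False             # bot set has stabilised: stop challenging everyone
        return action


def run_demo():
    """Constructed request stream: one bot, one human who solves the test, one who cannot."""
    events = ([("10.0.0.1", None)] * 4                      # bot ignores every test
              + [("192.0.2.7", None), ("192.0.2.7", "ok"), ("192.0.2.7", None)]
              + [("192.0.2.8", None), ("192.0.2.8", "wrong")] + [("192.0.2.8", None)] * 3
              + [("10.0.0.1", None)])                        # bot returns after tests are off
    f = ReactionFilter()
    return [f.handle(ip, r) for ip, r in events], f
```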