1st USENIX Workshop on Hot Topics in Security
Pp. 5762 of the Proceedings
Towards Attack-Agnostic Defenses
David Brumley and Dawn Song, Carnegie Mellon University
Abstract
Internet attackers control hundreds of thousands to perhaps millions of computers, which they can use for a variety of different attacks. Common attacks include spam delivery, phishing, and DDoS. The current research community focus is on defenses for each specific attack type compromised hosts may launch. However, attack-specific approaches almost always have two fundamental drawbacks: they do not address the root problem that attackers control an army of compromised hosts, and they do not provide the right incentives for users to properly secure their machines. As a result, attack-specific defenses may be defeated by new attacks, even those that may be only slightly different from old attacks. We argue researchers should also focus on attackagnostic defenses whose effectiveness does not depend on the particular attack type. We initiate this line of research by investigating the design space for attack-agnostic defenses, and then detailing two extreme points within the design space: an InternetWatch List and an Internet Reputation System.
We argue researchers should also focus on attackagnostic
defenses whose effectiveness does not depend on
the particular attack type. We initiate this line of research
by investigating the design space for attack-agnostic defenses,
and then detailing two extreme points within the
design space: an InternetWatch List and an Internet Reputation
System.
- View the full text of this paper in PDF.
Until July 2007, you will need your USENIX membership identification in order to access the full papers. The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
|