Computational Models for Internet Security Incidents and Defense

To mitigate the risk of computer security incidents, evaluating the effectiveness of defenses becomes an important issue. The purpose of this research is to develop computational models to study security policies that will provide defenses against Internet security incidents. Internet security incidents refer to computer security incidents conducted by malicious attackers through network connections to compromise network services. In particular, this research will focus on distributed denial of service (DDOS) attacks and defenses against these attacks.

To orient this research we focus on two basic research questions. First, how do ISPs provide DDOS defenses at the lowest cost while their subscribers remain satisfied with the availability of network connections during attacks? A cost-performance analysis of the effectiveness of DDOS defenses will be conducted using results from the computational model. This cost-performance analysis will aid ISPs and local network administrators in their evaluation of DDOS defenses. Second, we ask where are the critical points in a network to deploy defenses? We examine the impact of network topology on the deployment location of defenses. Graph level indices and models from social network studies will be used to categorize network topologies and to select deployment locations for defenses. This analysis will provide guidance to decision makers.