Date Approved
11-23-2009
Date Posted
5-20-2010
Degree Type
Open Access Dissertation
Degree Name
Doctor of Philosophy (PhD)
Department or School
College of Technology
Committee Member
Mary Brake, Ph.D., Dissertation Chair
Committee Member
Peter Stephenson, Ph.D., Norwich University
Committee Member
Elsa Poh, Ph.D.
Committee Member
Ann Christiansen Remp, Ph.D.
Committee Member
Andrew Ross, Ph.D.
Abstract
The Internet‟s router infrastructure, a scale-free computer network, is vulnerable to targeted denial-of-service (DoS) attacks. Protecting this infrastructure‟s stability is a vital national interest because of the dependence of economic and national security transactions on the Internet. Current defensive countermeasures that rely on monitoring specific router traffic have been shown to be costly, inefficient, impractical, and reactive rather than anticipatory.
To address these issues, this research investigation considers a new paradigm that relies on the systemic changes that occur during a cyber attack, rather than individual router traffic anomalies. It has been hypothesized in the literature that systemic knowledge of cyber attack mechanics can be used to infer the existence of an exploit in its formative stages, before severe network degradation occurs. The study described here targeted DoS attacks against large-scale computer networks. To determine whether this new paradigm can be expressed though the study of subtle changes in the physical characteristics of the Internet‟s connectivity environment, this research developed a first of its kind Colored Petri Net (CPN) model of the United States AT&T router connectivity topology.
By simulating the systemic affects of a DoS attack over this infrastructure, the objectives of this research were to (1) determine whether it is possible to detect small subtle changes in the connectivity environment of the Internet‟s router connectivity infrastructure that occur during a cyber attack; and (2) if the first premise is valid, to ascertain the feasibility of using these changes as a means for (a) early infrastructure attack detection and (b) router infrastructure protection strategy development against these attacks.
Using CPN simulations, this study determined that systemic network changes can be detected in the early stages of a cyber attack. Specifically, this research has provided evidence that using knowledge of the Internet‟s connectivity topology and its physical characteristics to protect the router infrastructure from targeted DoS attacks is feasible. In addition, it is plausible to use these techniques to detect targeted DoS attacks and may lead to new network security tools.
Recommended Citation
Healy, Lawrence M., "A model to study cyber attack mechanics and denial-of-service exploits over the internet's router infrastructure using colored petri nets" (2009). Master's Theses and Doctoral Dissertations. 218.
https://commons.emich.edu/theses/218