{"610062":{"#nid":"610062","#data":{"type":"news","title":"School of Computer Science Researchers Prevent Denial of Service Attacks","body":[{"value":"\u003Cp\u003EGeorgia Tech School of Computer Science (SCS) researchers have developed a proactive defense tool that can identify and prevent denial of service (DoS) attacks.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ETypically, DoS attacks shut down web applications by sending too many access requests to a server. Now, more sophisticated, a single complex attack request can render a website unusable and be impossible to detect.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ERampart, the new defense tool developed at Georgia Tech, is designed to counter these DoS advances. It models all access requests to see how many resources they use then builds a statistical model from the data. When a new request arrives, Rampart verifies it against the statistical model to detect suspicious run times that deviate from the average. Any suspicious request will be cancelled or temporarily suspended to ensure it doesn\u0026rsquo;t take over the web application.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EIf Rampart detects a true attack, it deploys a filtering rule to block any\u0026nbsp;similar\u0026nbsp;suspicious requests. To ensure legitimate users aren\u0026rsquo;t affected, Rampart removes the filter once the attack ends and periodically reevaluates all filters and deactivates any false positives.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EWhereas the traditional detection mechanisms passively report vulnerabilities, requiring developers to manually fix them in each development, Rampart offers an immediate solution.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026ldquo;Rampart is a real-time defense mechanism that does not require the source code to prevent sophisticated CPU-exhaustion attacks,\u0026rdquo; said SCS Ph.D. student \u003Ca href=\u0022http:\/\/0-14n.github.io\/\u0022\u003E\u003Cstrong\u003EChenxiong Qian\u003C\/strong\u003E\u003C\/a\u003E. \u0026ldquo;Rampart demonstrates the possibility of the proactive defense mechanism, which we think is a good alternative that the security industry can adopt.\u0026rdquo;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cbr \/\u003E\r\nThe researchers recommend applying Rampart along with other existing network-based defense mechanisms to protect web servers.\u003C\/p\u003E\r\n\r\n\u003Cp\u003ERampart was presented at \u003Ca href=\u0022https:\/\/www.usenix.org\/conference\/usenixsecurity18\u0022\u003EUSENIX\u003C\/a\u003E in the paper, \u003Ca href=\u0022https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/meng\u0022\u003E\u003Cem\u003ERampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks\u003C\/em\u003E\u003C\/a\u003E, by SCS\u0026rsquo;s Qian and Professor \u003Cstrong\u003E\u003Ca href=\u0022http:\/\/cyber.gatech.edu\/wenke-lee\u0022\u003EWenke Lee\u003C\/a\u003E\u003C\/strong\u003E; Chinese University of Hong Kong and Tech alumnus \u003Cstrong\u003EWei Meng\u003C\/strong\u003E; University of Texas at Dallas\u0026rsquo;s \u003Cstrong\u003EShuang Hao\u003C\/strong\u003E; and University of California, Santa Barbara\u0026rsquo;s \u003Cstrong\u003EKevin Borgolte\u003C\/strong\u003E, \u003Cstrong\u003EGiovanni Vigna\u003C\/strong\u003E, and \u003Cstrong\u003EChristopher Kruegel.\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"SCS researchers created Rampart to block denial of service attacks."}],"uid":"34541","created_gmt":"2018-08-21 13:51:59","changed_gmt":"2018-08-21 13:52:42","author":"Tess Malone","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2018-08-21T00:00:00-04:00","iso_date":"2018-08-21T00:00:00-04:00","tz":"America\/New_York"},"extras":[],"hg_media":{"610063":{"id":"610063","type":"image","title":"Rampart","body":null,"created":"1534859546","gmt_created":"2018-08-21 13:52:26","changed":"1534859546","gmt_changed":"2018-08-21 13:52:26","alt":"Castle","file":{"fid":"232314","name":"castle_assis_sky_fort_clouds_tower_ruin_wall-1276787.jpg","image_path":"\/sites\/default\/files\/images\/castle_assis_sky_fort_clouds_tower_ruin_wall-1276787.jpg","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/castle_assis_sky_fort_clouds_tower_ruin_wall-1276787.jpg","mime":"image\/jpeg","size":334898,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/castle_assis_sky_fort_clouds_tower_ruin_wall-1276787.jpg?itok=FRw5viaJ"}}},"media_ids":["610063"],"groups":[{"id":"47223","name":"College of Computing"},{"id":"50875","name":"School of Computer Science"}],"categories":[],"keywords":[],"core_research_areas":[{"id":"145171","name":"Cybersecurity"}],"news_room_topics":[],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003ETess Malone, Communications Officer\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022mailto:tess.malone@cc.gatech.edu\u0022\u003Etess.malone@cc.gatech.edu\u003C\/a\u003E\u003C\/p\u003E\r\n","format":"limited_html"}],"email":["tess.malone@cc.gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}