Modeling the vulnerability of feedback-control based internet services to low-rate DoS attacks

Feedback control is a critical element in many Internet services (e.g., quality-of-service aware applications). Recent research has demonstrated the vulnerability of some feedback-control based applications to low-rate denial-of-service (LRDoS) attacks, which send high-intensity requests in an ON/OFF pattern to degrade the victim's performance and evade the detection designed for traditional DoS attacks. However, the intricate interaction between LRDoS attacks and the feedback control mechanism remains largely unknown. In this paper, we address two fundamental questions: 1) what is the impact of an LRDoS attack on a general feedback-control based system and 2) how to conduct a systematic evaluation of the impact of an LRDoS attack on specific feedback-control based systems. To tackle these problems, we model the system under attack as a switched system and then examine its properties. We conduct the first theoretical investigation on the impact of the LRDoS attack on a general feedback control system. We formally show that the attack can make the system's steady-state error oscillate along with the attack period, and prove the existence of LRDoS attacks that can force the system to be far off the desired state. In addition, we propose a novel methodology to systematically characterize the impact of an LRDoS attack on specific systems, and apply it to a web server and an IBM Notes server. This investigation obtains many new insights, such as new attack scenarios, the bound of the system's states, the relationship between the bound and the LRDoS attacks, the close-formed equations for quantifying the impact, and so on. The extensive experimental results are congruent with the theoretical analysis.