Skip directly to content

Minimize RSR Award Detail

Research Spending & Results

Award Detail

Awardee:LOUISIANA STATE UNIVERSITY
Doing Business As Name:Louisiana State University
PD/PI:
  • Qingyang Wang
  • (225) 578-0959
  • qwang26@lsu.edu
Award Date:01/13/2020
Estimated Total Award Amount: $ 200,000
Funds Obligated to Date: $ 200,000
  • FY 2020=$200,000
Start Date:04/01/2020
End Date:03/31/2022
Transaction Type:Grant
Agency:NSF
Awarding Agency Code:4900
Funding Agency Code:4900
CFDA Number:47.070
Primary Program Source:040100 NSF RESEARCH & RELATED ACTIVIT
Award Title or Description:EAGER: Subtle and Harmful: Millisecond-scale Viral Denial of Service (VDoS) Attacks
Federal Award ID Number:2000681
DUNS ID:075050765
Parent DUNS ID:940050792
Program:Secure &Trustworthy Cyberspace
Program Officer:
  • Indrajit Ray
  • (703) 292-5387
  • iray@nsf.gov

Awardee Location

Street:202 Himes Hall
City:Baton Rouge
State:LA
ZIP:70803-2701
County:Baton Rouge
Country:US
Awardee Cong. District:06

Primary Place of Performance

Organization Name:Louisiana State University and A&M College
Street:
City:Baton Rouge
State:LA
ZIP:70803-0100
County:Baton Rouge
Country:US
Cong. District:06

Abstract at Time of Award

Viral Denial of Service (VDoS) attacks are a new class of attacks that affect the quality of service (QoS) requirements of mission critical web-facing services. These attacks exploit milli-bottlenecks, which are resource saturation conditions of very short duration that result in accumulated queueing delay for resources among inter-dependent components in the n-tier applications used by such services. The attacker can launch this attack by either increasing the rate of submission of job requests (rate of arrival from the service provider's perspective) or by decreasing the rate of job processing (by submitting jobs that are resource intensive). Owing to the very short duration of VDoS attacks (of the order of several milliseconds), they can remain below the detection threshold of typical monitoring tools for traditional denial of service attacks and are, consequently, subtle and stealthy. Nonetheless, they have the potential to cause significant damage. For example, Amazon reported that every 100ms increase in a page load time is correlated to a decrease in sales by 1%; Google requires 99% of its queries to finish within 500ms. This project will investigate the nature and modalities of VDoS attacks and develop mitigation tools to help combat them. Students at both graduate as well as undergraduate levels will be involved in the research. VDoS experimental data sets as well as tool-sets related to conducting VDoS related experiments will be publicly released. The project will proceed along two tasks. First, large-scale experiments will be conducted to evaluate the interactions among the various control parameters of VDoS attacks. This part of the study will identify how VDoS attacks occur, what their external manifestations are and how they can be mathematically modeled such that the tradeoffs between the granularity of attack and damage potential can be fully explored. Second, based on the knowledge acquired through the first task, detection methods and tools will be developed to reproduce and/or evaluate known millisecond-scale VDoS attacks on a testbed and find new ones. This will then lead to mitigation tools for combating VDoS attacks. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

For specific questions or comments about this information including the NSF Project Outcomes Report, contact us.