Maneuvering Around Clouds

Vissers, Thomas; Goethem, Tom Van; Joosen, Wouter; Nikiforakis, Nick

doi:10.1145/2810103.2813633

Cited by 38 publications

(15 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our work extends to earlier work by Vissers et al [111] with the following three contributions. First, we analyze origin exposure in the DNS at a largerthan-ever-before scale.…”

Section: The Problemsupporting

confidence: 78%

“…In this section we explain various vectors through which the origin can be exposed. We describe two novel vectors (see Sections 7.3.4 and 7.3.6) in addition to various vectors that were previously identified in the literature [75,83,111].…”

Section: Exposure Vectorsmentioning

confidence: 99%

“…We base our comparison on the the tree-edit distance algorithm by Zhang and Shasha [119], which counts the number of edit operations (inserts, deletes, and substitutions) to get from one tree to another. Rosiello et al [97] used this algorithm to compare phishing Web sites to their original, and Vissers et al [111] use it in a work similar to ours.…”

Section: Origin Verificationmentioning

confidence: 99%

“…Later in 2013, Nixon and Camejo [83] attracted even more attention to this fact. In 2015, Vissers et al [111] performed the first study into origin exposure at scale, for five DPS providers. Our study extends the aforementioned work.…”

Section: Related Workmentioning

confidence: 99%

See 3 more Smart Citations

DDoS Mitigation: A Measurement-Based Approach

Jonker

Sperotto

Pras

2020

NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

ix various operational aspects in the wild. Our results reveal how blackholing is applied in practice by operators. We show that for nearly 4% of attacks that are mitigated using blackholing, it takes more than 24 hours following the end of the attack for operators to retract the countermeasure. During this time, blackholed hosts are cutoff from the Internet (at least partially). The apparent lack of automation in recovery raises concern that hosts as well as services running on them may be cutoff from users unnecessarily. In addition, we unveil that less intense attacks are also blackholed: in 13% of cases the inferred attack traffic volume is at most 3 M bps. As blackholing effectively brings about a 'self-inflicted' DoS, these findings raise the question of how much (or little) effort is required for attackers to get operators to trigger such an extreme countermeasure.Focusing on the third contribution, this thesis investigates, for both mitigation solutions under consideration, hazards that can hamstring DoS defenses. Cloud-based protection services may be bypassed by sophisticated attackers as a result of mistakes in deployment. Mistakes may not be clearly understood by all users, which can lead to a false sense of security. We quantify this drawback on the Internet, focusing on the world's most popular Web sites, and on leading commercial protection services. Our results underpin the extent of the problem: the protection of 41% of Web sites under consideration can be bypassed. As for blackholing, this thesis takes preliminary steps towards investigating the extent to which hosts are cutoff unnecessarily. We quantify this in terms of common Internet services that run on blackholed hosts. This thesis will show from its outset that a basic challenge that we are faced with concerns data. Acquiring and developing diverse (raw) data sources to methodologically study the DoS problem constitutes a challenge. While this thesis comes a long way by systematically fusing data sources, future research, the research community and, more generally speaking, society, stand to benefit from improvements in data sharing. For this reason, this thesis also calls for structural improvements in data sharing. xii rence 1.5-jaar). Tezamen representeren deze zones circa de helft van alle globale domeinnamen. We onderzoeken ook tot in hoeverre slachtoffers van DoS aanvallen diensten ingebruiknemen na een aanval (we noemen dit migratie). Onze resultaten tonen aan dat de intensiteit van een aanval een belangrijke factor is voor migratie, terwijl herhaling en de duur van aanvallen dat niet zijn. Qua BGP blackholing onderzoekt dit proefschrift verscheidene operationele aspecten 'in het wild'. Onze resultaten tonen aan hoe blackholing in de praktijk wordt ingezet door operatoren. Voor bijna 4% van DoS aanvallen die met blackholing werden gemitigeerd duurde het langer dan 24 uur nadat de aanval gestopt was eer operatoren het ingezette middel terugtrokken. Gedurende deze tijd zijn de beschermde machines niet bereikbaar voor (delen van) het I...

show abstract

“…Our work extends to earlier work by Vissers et al [111] with the following three contributions. First, we analyze origin exposure in the DNS at a largerthan-ever-before scale.…”

Section: The Problemsupporting

confidence: 78%

Section: Exposure Vectorsmentioning

confidence: 99%

Section: Origin Verificationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

DDoS Mitigation: A Measurement-Based Approach

Jonker

Sperotto

Pras

2020

NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium

View full text Add to dashboard Cite

show abstract

“…If they are not similar they are not clustered together; if they are, we still have to investigate whether their DOMs are similar to decide if they should be clustered or not. To achieve this, we build upon the normalized DOM-edit distance metric (NDD), proposed by Vissers et al [62], which essentially takes as input two DOM trees and computes the number of edit operations required to move from one tree to the other. Initially, we observed that the tree edit distance algorithm they used at the time (ZSS [63]) was rather slow even for relatively simple DOMs.…”

Section: B Url Clusteringmentioning

confidence: 99%

ReScan: A Middleware Framework for Realistic and Robust Black-box Web Application Scanning

Drakonakis¹,

Ioannidis²,

Polakis³

2023

Proceedings 2023 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Black-box web vulnerability scanners are invaluable for security researchers and practitioners. Despite recent approaches tackling some of the inherent limitations of scanners, many have not sufficiently evolved alongside web browsers and applications, and often lack the capabilities for handling the inherent challenges of navigating and interacting with modern web applications. Instead of building an alternative scanner that could naturally only incorporate a limited set of the wide range of vulnerability-finding capabilities offered by the multitude of existing scanners, in this paper we propose an entirely different strategy. We present ReScan, a scanner-agnostic middleware framework that transparently enhances scanners' capabilities by mediating their interaction with web applications in a realistic and robust manner, using an orchestrated, fully-fledged modern browser. In essence, our framework can be used in conjunction with any vulnerability scanner, thus allowing users to benefit from the capabilities of existing and future scanners. Our extensible and modular framework includes a collection of enhancement techniques that address limitations and obstacles commonly faced by state-ofthe-art scanners. Our experimental evaluation demonstrates that despite the considerable (and expected) overhead introduced by a fully-fledged browser, our framework significantly improves the code coverage achieved by popular scanners (168% on average), resulting in a 66% and 161% increase in the number of reflected and stored XSS vulnerabilities detected, respectively.

show abstract