Matt Bishop, Dean Sniegowski
University of California, One Shields Avenue, Davis, CA 95616-8562, USA
Network inhibition is a denial-of-service attack where the adversary attempts to disconnect network elements by disabling a limited number of communication links or nodes. We analyze a common variation of network inhibition where the links have infinite capacity and the goal of the attacker is to deny connections from a single server to as many clients as possible. The problem is defined formally and shown to be NP complete. Nevertheless, we develop a practical technique for network-inhibition analysis based on logic programming with stable-model semantics. The analysis scales well up to moderate-size networks. The results are a step towards quantitative analysis of denial of service and they can be applied to the design of robust network topologies.
@inproceedings{AurBisSni00,
author = {Tuomas Aura and Matt Bishop and Dean Sniegowski},
title = {Analyzing single-server network inhibition},
month = jun,
year = 2000,
booktitle = {Proc.\ 13th IEEE Computer Security Foundations Workshop},
pages = "108--117",
address = {Cambridge, UK},
publisher = {IEEE Computer Society Press}
}