The most vexing problem remaining in computer and network security, and one of the most difficult threats to prevent, is the Denial-of-Service (DoS) attack. These attacks prevent legitimate users from accessing the data, control, computational or communication resources needed to carry out their missions. This Phase II proposal documents sources of information available on the Internet for DoS attacks, which are the most appropriate types of sources since they are the most timely. It also summarizes and categorizes several DoS attack algorithms, which will allow monitoring and detection facilities to recognize not just specific attack scripts, but whole families of attacks based on the same algorithms. Based on our successful Phase I investigation, we propose an architecture for detecting and responding to these DoS attacks that is both flexible and extensible and includes the use of existing security components together with intelligent agents. A risk model will also be incorporated to provide cost estimates to match security requirements. A Phase II Option is proposed that will allow for the development of a transition plan to commercialize a DoS model through a joint venture with a firewall vendor.
Keywords: denial-of-service attacks, firewall, intelligent agents, information security, network security, r