BYTE.com > Features > 2003
Human-Targeted Denial of Service
By Evgeniy Gabrilovich, Alex Gontmakher
June 30, 2003
The infrastructure of the World Wide Web has been fairly stable over the
years, consisting of servers that offer services like HTTP, e-mail and IRC,
and client programs that allow users to access these services. Traditionally,
services are provided by computer programs, while clients are controlled in a
variety of ways—some of them operated manually, and others running in
unattended mode.
However, the world is changing. Online services are increasingly being
provided by real humans sitting behind computer monitors. For example, many
high-profile sites such as eBay and Microsoft bCentral use live chat
technology to offer their users interactive human assistance, as the presence
of a real person makes the users feel more comfortable with the site.
Providing live support over the Net is much cheaper than the 1-800 option
since an operator can handle several chat sessions simultaneously. The
downside of this approach, however, is that "the human in the loop" can now be
a target of a new class of network attacks. Take a simple chat-bot program
that connects to an online chat service. Smart it is not—an operator can
tell it's not a human after a few sentences. But that would be too
late—the bot has already wasted a few precious minutes of the human
assistant's time at the expense of only a few milliseconds of the attacker's
CPU time. And several hundred such bots can easily overwhelm the whole
team of support operators. In a sense, this amounts to a semantic Denial of
Service (DoS) attack targeted against real people on the Net. We call this
attack Human-Targeted Denial of Service, or HTDoS.
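
The asymmetry described above can be put in capacity-planning terms. The following is an added example, not part of the original article: it treats the support desk as an Erlang B loss system, and the staffing levels, arrival rates and time-to-recognise-a-bot values are all constructed assumptions.

```python
# Added illustration: a live-chat desk modelled as an Erlang B loss system.
# Every number below is a constructed assumption, not data from the article.

def erlang_b(offered_load, slots):
    """Probability that an arriving chat finds all slots busy."""
    b = 1.0
    for m in range(1, slots + 1):
        b = offered_load * b / (m + offered_load * b)
    return b


def blocking(operators, chats_per_operator, legit_per_min, legit_minutes,
             bot_per_min, minutes_to_spot_bot):
    """Share of arriving chats turned away when bots compete for operators.

    Offered load is arrival rate times holding time, summed over both kinds
    of session; a bot holds a slot only until the operator recognises it.
    """
    slots = operators * chats_per_operator
    load = legit_per_min * legit_minutes + bot_per_min * minutes_to_spot_bot
    return erlang_b(load, slots)


def sweep(bot_rates, slow_minutes=3.0, fast_minutes=0.5):
    """Blocking for each bot arrival rate at two recognition times."""
    desk = dict(operators=10, chats_per_operator=3,
                legit_per_min=2.0, legit_minutes=8.0)
    return [(rate,
             blocking(bot_per_min=rate, minutes_to_spot_bot=slow_minutes, **desk),
             blocking(bot_per_min=rate, minutes_to_spot_bot=fast_minutes, **desk))
            for rate in bot_rates]


if __name__ == "__main__":
    print("bots/min  blocked(3 min to spot)  blocked(30 s to spot)")
    for rate, slow, fast in sweep([0, 1, 5, 20]):
        print(f"{rate:8}  {slow:22.4f}  {fast:21.4f}")
```

In this model blocking depends only on the total offered load, so shortening the time an operator needs to recognise a bot shrinks the bot share of that load in direct proportion.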
In the past, denial of service attacks have frequently been employed by
hackers to plague network services with spurious requests, while semantic
attacks have been used to dupe unsuspecting Internet users into various
get-rich-quick scams. The former are directed against computers and are
completely automatic, while the latter class of attack (also known as
cognitive hacking) exploits human perceptions and beliefs.