Jump to content

Algorithmic complexity attack

Edit links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by JunosTopHat (talk | contribs) at 19:05, 28 November 2022 (topics). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

      An Algorithmic complexity Attack (ACA) is a form of attack in which the system is attacked by an exhaustion resource to take advantage of worst-case performance.  Worst-case performance through a back-end algorithm results in the exhaustion of the server, this creates algorithmic complexity vulnerabilities. According to Adam Jacobson and Dr. David Renardy, research scientists from Two Six Labs,  “An AC Time vulnerability causes denial of service by exhausting CPU while AC Space vulnerabilities exhaust RAM or disk space.” [1]Examples of ACA attacks are zip-bombs, billion laughs, and ReDoS which are Malicious files aimed to render a program useless. Additionally, as stated by the Cybersecurity and Infrastructure Security Agency, a department within the Department of Homeland Security, “A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network.”[2] In other words, DoS attacks are a form of an attack in which a hacker can flood a server which outputs a denial of service error. ACA and DDoS attacks are forms of denial of service attacks in which the hacker can gain information through the Schemas files and its structure. On October 2022, Google released that they experienced the largest DDoS attack to date that took place in September of 2017. Algorithmic complexity and its vulnerabilities are the main components that have given hackers ways to attack algorithms and its servers.

ReDoS

Back-End Algorithms

Billion Laughs

Algorithmic Complexity

Zip Bombs

Google DDoS Attack

Work Cited

Grechishnikov, E. V., et al. "Algorithmic Model of Functioning of the System to Detect and Counter Cyber Attacks on Virtual Private Network." Journal of Physics: Conference Series, vol. 1203, no. 1, 2019. ProQuest, https://eznvcc.vccs.edu/login?url=https://www.proquest.com/scholarly-journals/algorithmic-model-functioning-system-detect/docview/2566108871/se-2, doi:https://doi.org/10.1088/1742-6596/1203/1/012064.

Y. Afek, A. Bremler-Barr, Y. Harchol, D. Hay and Y. Koral, "Making DPI Engines Resilient to Algorithmic Complexity Attacks," in IEEE/ACM Transactions on Networking, vol. 24, no. 6, pp. 3262-3275, December 2016, doi: 10.1109/TNET.2016.2518712.

Stub icon

This computer security article is a stub. You can help Wikipedia by expanding it.

  1. ^ "Algorithmic Complexity Vulnerabilities: An Introduction".
  2. ^ "(ST04-015) Understanding Denial-of-Service Attacks". {{cite web}}: line feed character in |title= at position 11 (help)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Algorithmic_complexity_attack&oldid=1124402722"