DDoS defense by offense

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

DDoS defense by offense

Full text

Pdf (335 KB)

Source

Applications, Technologies, Architectures, and Protocols for Computer Communication archive
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications table of contents

Pisa, Italy

SESSION: Security table of contents

Pages: 303 - 314

Year of Publication: 2006

ISBN:1-59593-308-5

Also published in ...

Authors

Michael Walfish	MIT
Mythili Vutukuru	MIT
Hari Balakrishnan	MIT
David Karger	MIT
Scott Shenker	UC Berkeley and ICSI

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 46, Downloads (12 Months): 309, Citation Count: 16

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1159913.1159948 What is a DOI?

ABSTRACT

This paper presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth and will react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidth. This result makes the defense viable and effective for a class of real attacks.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	M. Abadi, M. Burrows, M. Manasse, and T. Wobber. Moderately hard, memory-bound functions. In NDSS, 2003.
	2	S. Agarwal, T. Dawson, and C. Tryfonas. DDoS mitigation via regional cleaning centers. Sprint ATL Research Report RR04-ATL-013177, Aug. 2003.
	3	D. G. Andersen et al. System support for bandwidth management and content adaptation in Internet applications. In OSDI, Sept. 2000.
	4	T. Anderson, T. Roscoe, and D. Wetherall. Preventing Internet denial-of-service with capabilities. In HotNets, Nov. 2003.
	5	Arbor Networks, Inc. http://www.arbornetworks.com.
	6	Tuomas Aura , Pekka Nikander , Jussipekka Leiwo, DOS-Resistant Authentication with Client Puzzles, Revised Papers from the 8th International Workshop on Security Protocols, p.170-177, April 03-05, 2000
	7	A. Back. Hashcash. http://www.cypherspace.org/adam/hashcash/.
	8	Gaurav Banga , Peter Druschel , Jeffrey C. Mogul, Resource containers: a new facility for resource management in server systems, Proceedings of the third symposium on Operating systems design and implementation, p.45-58, February 1999, New Orleans, Louisiana, United States
	9	Cisco Guard, Cisco Systems, Inc. http://www.cisco.com.
	10	Criminal Complaint: USA v. Ashley, Hall, Schictel, Roby, and Walker, Aug. 2004. http://www.reverse.net/operationcyberslam.pdf.
	11	C. Dwork, A. Goldberg, and M. Naor. On memory-bound functions for fighting spam. In CRYPTO, 2003.
	12	Cynthia Dwork , Moni Naor, Pricing via Processing or Combatting Junk Mail, Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, p.139-147, August 16-20, 1992
	13	Emulab. http://www.emulab.net.
	14	Nick Feamster , Jaeyeon Jung , Hari Balakrishnan, An empirical study of "bogon" route advertisements, ACM SIGCOMM Computer Communication Review, v.35 n.1, January 2005 [doi>10.1145/1052812.1052826]
	15	C. Fraleigh, S. Moon, B. Lyles, C. Cotton, M. Khan, D. Moll, R. Rockell, T. Seely, and C. Diot. Packet-level traffic measurements from the Sprint IP backbone. IEEE Network, 17(6), 2003.
	16	V. D. Gligor. Guaranteeing access in spite of distributed service-flooding attacks. In Intl. Wkshp. on Security Prots., 2003.
	17	C. A. Gunter, S. Khanna, K. Tan, and S. Venkatesth. DoS protection for reliably authenticated broadcast. In NDSS, 2004.
	18	M. Handley. Internet architecture WG: DoS-resistant Internet subgroup report, 2005. http://www.communicationsresearch.net/dos-resistant/meeting-1/cii-dos-summary.pdf.
	19	Honeynet Project and Research Alliance. Know your enemy: Tracking botnets. Mar. 2005. http://www.honeynet.org/papers/bots/.
	20	A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In NDSS, 1999.
	21	S. Kandula, D. Katabi, M. Jacob, and A. Berger. Botz-4-sale: Surviving organized DDoS attacks that mimic flash crowds. In USENIX NSDI, May 2005.
	22	Eddie Kohler , Mark Handley , Sally Floyd, Designing DCCP: congestion control without reliability, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, September 11-15, 2006, Pisa, Italy
	23	M. Krohn. Building secure high-performance Web services with OKWS. In USENIX Technical Conference, June 2004.
	24	B. Laurie and R. Clayton. "Proof-of-Work" proves not to work; version 0.2, Sept. 2004. http://www.cl.cam.ac.uk/users/rnc1/proofwork2.pdf.
	25	D. Mankins , R. Krishnan , C. Boyd , J. Zao , M. Frentz, Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing, Proceedings of the 17th Annual Computer Security Applications Conference, p.411, December 10-14, 2001
	26	David Mazières, A Toolkit for User-Level File Systems, Proceedings of the General Track: 2002 USENIX Annual Technical Conference, p.261-274, June 25-30, 2001
	27	Mazu Networks, Inc. http://mazunetworks.com.
	28	Jelena Mirkovic , Peter Reiher, A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, v.34 n.2, April 2004 [doi>10.1145/997150.997156]
	29	William G. Morein , Angelos Stavrou , Debra L. Cook , Angelos D. Keromytis , Vishal Misra , Dan Rubenstein, Using graphic turing tests to counter automated DDoS attacks against web servers, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948114]
	30	Network World. Extortion via DDoS on the rise. May 2005. http://www.networkworld.com/news/2005/051605-ddos-extortion.html.
	31	K. Park, V. S. Pai, K.-W. Lee, and S. Calo. Securing Web service by automatic robot detection. In USENIX Technical Conference, June 2006.
	32	Pittsburgh Post-Gazette. CMU student taps brain's game skills. Oct. 5, 2003. http://www.post-gazette.com/pg/03278/228349.stm.
	33	Prolexic Technologies, Inc. http://www.prolexic.com.
	34	Anirudh Ramachandran , Nick Feamster, Understanding the network-level behavior of spammers, Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, September 11-15, 2006, Pisa, Italy
	35	Venugopalan Ramasubramanian , Emin Gün Sirer, The design and implementation of a next generation name service for the internet, Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, August 30-September 03, 2004, Portland, Oregon, USA
	36	E. Ratliff. The zombie hunters. The New Yorker, Oct. 10, 2005.
	37	SecurityFocus. FBI busts alleged DDoS mafia. Aug. 2004. http://www.securityfocus.com/news/9411.
	38	V. Sekar, N. Duffield, O. Spatscheck, J. van der Merwe, and H. Zhang. LADS: Large-scale automated DDoS detection system. In USENIX Technical Conference, June 2006.
	39	M. Sherr, M. Greenwald, C. A. Gunter, S. Khanna, and S. S. Venkatesh. Mitigating DoS attack through selective bin verification. In 1st Wkshp. on Secure Netwk. Protcls., Nov. 2005.
	40	K. K. Singh. Botnets-An introduction, 2006. http://www-static.cc.gatech.edu/classes/AY2006/cs6262_spring/botnets.ppt.
	41	Spammer-X. Inside the SPAM Cartel. Syngress, 2004. Page 40.
	42	Stupid Google virus/spyware CAPTCHA page. http://www.spy.org.uk/spyblog/2005/06/stupid google_virusspyware_cap.html.
	43	TechWeb News. Dutch botnet bigger than expected. Oct. 2005. http://informationweek.com/story/showArticle.jhtml?articleID=172303265.
	44	The Register. East European gangs in online protection racket. Nov. 2003.
	45	D. Thomas. Deterrence must be the key to avoiding DDoS attacks, 2005. http://www.vnunet.com/computing/analysis/2137395/deterrence-key-avoiding-ddos-attacks.
	46	R. Vasudevan, Z. M. Mao, O. Spatscheck, and J. van der Merwe. Reval: A tool for real-time evaluation of DDoS mitigation strategies. In USENIX Technical Conference, June 2006.
	47	Luis von Ahn , Manuel Blum , John Langford, Telling humans and computers apart automatically, Communications of the ACM, v.47 n.2, p.56-60, February 2004 [doi>10.1145/966389.966390]
	48	M. Walfish, H. Balakrishnan, D. Karger, and S. Shenker. DoS: Fighting fire with fire. In HotNets, Nov. 2005.
	49	XiaoFeng Wang , Michael K. Reiter, Defending Against Denial-of-Service Attacks with Puzzle Auctions, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.78, May 11-14, 2003
	50	A. Yaar, A. Perrig, and D. Song. SIFF: A stateless Internet flow filter to mitigate DDoS flooding attacks. In IEEE Symp. on Security and Privacy, May 2004.
	51	Xiaowei Yang , David Wetherall , Thomas Anderson, A DoS-limiting network architecture, Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications, August 22-26, 2005, Philadelphia, Pennsylvania, USA

CITED BY 16

	Pratap Ramamurthy , Vyas Sekar , Aditya Akella , Balachander Krishnamurthy , Anees Shaikh, Remote profiling of resource constraints of web servers using mini-flash crowds, USENIX 2008 Annual Technical Conference on Annual Technical Conference, p.185-198, June 22-27, 2008, Boston, Massachusetts
	Felipe Huici , Mark Handley, An edge-to-edge filtering architecture against DoS, ACM SIGCOMM Computer Communication Review, v.37 n.2, April 2007
	Yu Chen , Kai Hwang , Wei-Shinn Ku, Distributed change-point detection of DDoS attacks: experimental results on DETER testbed, Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007, p.7-7, August 06-07, 2007, Boston, MA
	Colin Dixon , Thomas Anderson , Arvind Krishnamurthy, Phalanx: withstanding multimillion-node botnets, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.45-58, April 16-18, 2008, San Francisco, California
	Bryan Parno , Dan Wendlandt , Elaine Shi , Adrian Perrig , Bruce Maggs , Yih-Chun Hu, Portcullis: protecting connection setup from denial-of-capability attacks, ACM SIGCOMM Computer Communication Review, v.37 n.4, October 2007
	Yu Chen , Kai Hwang , Wei-Shinn Ku., Collaborative Detection of DDoS Attacks over Multiple Network Domains, IEEE Transactions on Parallel and Distributed Systems, v.18 n.12, p.1649-1662, December 2007
	Amit Mondal , Aleksandar Kuzmanovic, Removing exponential backoff from TCP, ACM SIGCOMM Computer Communication Review, v.38 n.5, October 2008
	Xin Liu , Xiaowei Yang , Yanbin Lu, To filter or to authorize: network-layer DoS defense against multimillion-node botnets, ACM SIGCOMM Computer Communication Review, v.38 n.4, October 2008
	Supranamaya Ranjan , Ram Swaminathan , Mustafa Uysal , Antonio Nucci , Edward Knightly, DDoS-shield: DDoS-resilient scheduling to counter application layer attacks, IEEE/ACM Transactions on Networking (TON), v.17 n.1, p.26-39, February 2009
	Arjan Durresi , Vamsi Paruchuri , Leonard Barolli, Fast autonomous system traceback, Journal of Network and Computer Applications, v.32 n.2, p.448-454, March, 2009
	Ping Du , Shunji Abe, IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks, IEICE - Transactions on Information and Systems, v.E91-D n.5, p.1274-1281, May 2008
	Ramakrishna Gummadi , Hari Balakrishnan , Petros Maniatis , Sylvia Ratnasamy, Not-a-Bot: improving service availability in the face of botnet attacks, Proceedings of the 6th USENIX symposium on Networked systems design and implementation, p.307-320, April 22-24, 2009, Boston, Massachusetts
	Allen Clement , Edmund Wong , Lorenzo Alvisi , Mike Dahlin , Mirco Marchetti, Making Byzantine fault tolerant systems tolerate Byzantine faults, Proceedings of the 6th USENIX symposium on Networked systems design and implementation, p.153-168, April 22-24, 2009, Boston, Massachusetts
	Pramod Sanaga , Jonathon Duerig , Robert Ricci , Jay Lepreau, Modeling and emulation of internet paths, Proceedings of the 6th USENIX symposium on Networked systems design and implementation, p.199-212, April 22-24, 2009, Boston, Massachusetts
	Matthias Baumgart , Christian Scheideler , Stefan Schmid, A DoS-resilient information system for dynamic data management, Proceedings of the twenty-first annual symposium on Parallelism in algorithms and architectures, August 11-13, 2009, Calgary, AB, Canada
	Anjali Sardana , Ramesh Joshi, An auto-responsive honeypot architecture for dynamic resource allocation and QoS adaptation in DDoS attacked networks, Computer Communications, v.32 n.12, p.1384-1399, July, 2009