DDoS Defense by Offense

DDoS Defense by Offense

This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cy...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:ACM transactions on computer systems 2010-03, Vol.28 (1), p.1-54
Hauptverfasser: WALFISH, Michael, VUTUKURU, Mythili, BALAKRISHNAN, Hari, KARGER, David, SHENKER, Scott
Format: Artikel
Sprache:eng
Schlagworte:
Applied sciences
Bandwidth
Clients
Computer science
control theory
systems
Computer systems and distributed systems. User interface
Consumption
Denial of service attacks
Design engineering
Electronics
Exact sciences and technology
Integrated circuits
Integrated circuits by function (including memories and processors)
Operation, maintenance, reliability of teleprocessing networks
Semiconductor electronics. Microelectronics. Optoelectronics. Solid state devices
Servers
Software
Systems, networks and services of telecommunications
Telecommunications
Telecommunications and information theory
Teleprocessing networks. Isdn
Teletraffic
Traffic flow
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth so can react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidths, which is the intended result.
ISSN:0734-2071
1557-7333
DOI:10.1145/1731060.1731063