DDoS Defense by Offense

This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cy...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	ACM transactions on computer systems 2010-03, Vol.28 (1), p.1-54
Hauptverfasser:	WALFISH, Michael, VUTUKURU, Mythili, BALAKRISHNAN, Hari, KARGER, David, SHENKER, Scott
Format:	Artikel
Sprache:	eng
Schlagworte:	Applied sciences Bandwidth Clients Computer science control theory systems Computer systems and distributed systems. User interface Consumption Denial of service attacks Design engineering Electronics Exact sciences and technology Integrated circuits Integrated circuits by function (including memories and processors) Operation, maintenance, reliability of teleprocessing networks Semiconductor electronics. Microelectronics. Optoelectronics. Solid state devices Servers Software Systems, networks and services of telecommunications Telecommunications Telecommunications and information theory Teleprocessing networks. Isdn Teletraffic Traffic flow
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	54
container_issue	1
container_start_page	1
container_title	ACM transactions on computer systems
container_volume	28
creator	WALFISH, Michael VUTUKURU, Mythili BALAKRISHNAN, Hari KARGER, David SHENKER, Scott
description	This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth so can react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidths, which is the intended result.
doi_str_mv	10.1145/1731060.1731063
format	Article
fullrecord	<record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_743659082</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>743659082</sourcerecordid><originalsourceid>FETCH-LOGICAL-c443t-4eed0d45262dd6dbefc6d71b8ab219cd00c555965862f668e32e26862d0b9b5c3</originalsourceid><addsrcrecordid>eNp9kL1PwzAQxS0EEqEwd-2CYAk9-_wRj6jhS6rUAZgjxz5LQWlT4nbof09oI0amd-_0e294jE05PHAu1Zwb5KAHc1Q8YxlXyuQGEc9ZBgZlLsDwS3aV0hcADH-RsWlZdu-zkiJtEs3qw2wVj-c1u4iuTXQz6oR9Pj99LF7z5erlbfG4zL2UuMslUYAgldAiBB1qil4Hw-vC1YJbHwC8UspqVWgRtS4IBQk9mAC1rZXHCbs79W777ntPaVetm-Spbd2Gun2qjEStLBRiIO__Jbk2XOrCWjug8xPq-y6lnmK17Zu16w8Vh-p3rGoca1QcErdjuUvetbF3G9-kv5gQBhCA4w9gHmVI</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1671468999</pqid></control><display><type>article</type><title>DDoS Defense by Offense</title><source>ACM Digital Library</source><source>Business Source Complete</source><creator>WALFISH, Michael ; VUTUKURU, Mythili ; BALAKRISHNAN, Hari ; KARGER, David ; SHENKER, Scott</creator><creatorcontrib>WALFISH, Michael ; VUTUKURU, Mythili ; BALAKRISHNAN, Hari ; KARGER, David ; SHENKER, Scott</creatorcontrib><description>This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth so can react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidths, which is the intended result.</description><identifier>ISSN: 0734-2071</identifier><identifier>EISSN: 1557-7333</identifier><identifier>DOI: 10.1145/1731060.1731063</identifier><identifier>CODEN: ACSYEC</identifier><language>eng</language><publisher>New York, NY: Association for Computing Machinery</publisher><subject>Applied sciences ; Bandwidth ; Clients ; Computer science; control theory; systems ; Computer systems and distributed systems. User interface ; Consumption ; Denial of service attacks ; Design engineering ; Electronics ; Exact sciences and technology ; Integrated circuits ; Integrated circuits by function (including memories and processors) ; Operation, maintenance, reliability of teleprocessing networks ; Semiconductor electronics. Microelectronics. Optoelectronics. Solid state devices ; Servers ; Software ; Systems, networks and services of telecommunications ; Telecommunications ; Telecommunications and information theory ; Teleprocessing networks. Isdn ; Teletraffic ; Traffic flow</subject><ispartof>ACM transactions on computer systems, 2010-03, Vol.28 (1), p.1-54</ispartof><rights>2015 INIST-CNRS</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c443t-4eed0d45262dd6dbefc6d71b8ab219cd00c555965862f668e32e26862d0b9b5c3</citedby><cites>FETCH-LOGICAL-c443t-4eed0d45262dd6dbefc6d71b8ab219cd00c555965862f668e32e26862d0b9b5c3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27901,27902</link.rule.ids><backlink>$$Uhttp://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=22703001$$DView record in Pascal Francis$$Hfree_for_read</backlink></links><search><creatorcontrib>WALFISH, Michael</creatorcontrib><creatorcontrib>VUTUKURU, Mythili</creatorcontrib><creatorcontrib>BALAKRISHNAN, Hari</creatorcontrib><creatorcontrib>KARGER, David</creatorcontrib><creatorcontrib>SHENKER, Scott</creatorcontrib><title>DDoS Defense by Offense</title><title>ACM transactions on computer systems</title><description>This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth so can react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidths, which is the intended result.</description><subject>Applied sciences</subject><subject>Bandwidth</subject><subject>Clients</subject><subject>Computer science; control theory; systems</subject><subject>Computer systems and distributed systems. User interface</subject><subject>Consumption</subject><subject>Denial of service attacks</subject><subject>Design engineering</subject><subject>Electronics</subject><subject>Exact sciences and technology</subject><subject>Integrated circuits</subject><subject>Integrated circuits by function (including memories and processors)</subject><subject>Operation, maintenance, reliability of teleprocessing networks</subject><subject>Semiconductor electronics. Microelectronics. Optoelectronics. Solid state devices</subject><subject>Servers</subject><subject>Software</subject><subject>Systems, networks and services of telecommunications</subject><subject>Telecommunications</subject><subject>Telecommunications and information theory</subject><subject>Teleprocessing networks. Isdn</subject><subject>Teletraffic</subject><subject>Traffic flow</subject><issn>0734-2071</issn><issn>1557-7333</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2010</creationdate><recordtype>article</recordtype><recordid>eNp9kL1PwzAQxS0EEqEwd-2CYAk9-_wRj6jhS6rUAZgjxz5LQWlT4nbof09oI0amd-_0e294jE05PHAu1Zwb5KAHc1Q8YxlXyuQGEc9ZBgZlLsDwS3aV0hcADH-RsWlZdu-zkiJtEs3qw2wVj-c1u4iuTXQz6oR9Pj99LF7z5erlbfG4zL2UuMslUYAgldAiBB1qil4Hw-vC1YJbHwC8UspqVWgRtS4IBQk9mAC1rZXHCbs79W777ntPaVetm-Spbd2Gun2qjEStLBRiIO__Jbk2XOrCWjug8xPq-y6lnmK17Zu16w8Vh-p3rGoca1QcErdjuUvetbF3G9-kv5gQBhCA4w9gHmVI</recordid><startdate>20100301</startdate><enddate>20100301</enddate><creator>WALFISH, Michael</creator><creator>VUTUKURU, Mythili</creator><creator>BALAKRISHNAN, Hari</creator><creator>KARGER, David</creator><creator>SHENKER, Scott</creator><general>Association for Computing Machinery</general><scope>IQODW</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20100301</creationdate><title>DDoS Defense by Offense</title><author>WALFISH, Michael ; VUTUKURU, Mythili ; BALAKRISHNAN, Hari ; KARGER, David ; SHENKER, Scott</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c443t-4eed0d45262dd6dbefc6d71b8ab219cd00c555965862f668e32e26862d0b9b5c3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2010</creationdate><topic>Applied sciences</topic><topic>Bandwidth</topic><topic>Clients</topic><topic>Computer science; control theory; systems</topic><topic>Computer systems and distributed systems. User interface</topic><topic>Consumption</topic><topic>Denial of service attacks</topic><topic>Design engineering</topic><topic>Electronics</topic><topic>Exact sciences and technology</topic><topic>Integrated circuits</topic><topic>Integrated circuits by function (including memories and processors)</topic><topic>Operation, maintenance, reliability of teleprocessing networks</topic><topic>Semiconductor electronics. Microelectronics. Optoelectronics. Solid state devices</topic><topic>Servers</topic><topic>Software</topic><topic>Systems, networks and services of telecommunications</topic><topic>Telecommunications</topic><topic>Telecommunications and information theory</topic><topic>Teleprocessing networks. Isdn</topic><topic>Teletraffic</topic><topic>Traffic flow</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>WALFISH, Michael</creatorcontrib><creatorcontrib>VUTUKURU, Mythili</creatorcontrib><creatorcontrib>BALAKRISHNAN, Hari</creatorcontrib><creatorcontrib>KARGER, David</creatorcontrib><creatorcontrib>SHENKER, Scott</creatorcontrib><collection>Pascal-Francis</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>ACM transactions on computer systems</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>WALFISH, Michael</au><au>VUTUKURU, Mythili</au><au>BALAKRISHNAN, Hari</au><au>KARGER, David</au><au>SHENKER, Scott</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>DDoS Defense by Offense</atitle><jtitle>ACM transactions on computer systems</jtitle><date>2010-03-01</date><risdate>2010</risdate><volume>28</volume><issue>1</issue><spage>1</spage><epage>54</epage><pages>1-54</pages><issn>0734-2071</issn><eissn>1557-7333</eissn><coden>ACSYEC</coden><abstract>This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth so can react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidths, which is the intended result.</abstract><cop>New York, NY</cop><pub>Association for Computing Machinery</pub><doi>10.1145/1731060.1731063</doi><tpages>54</tpages><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 0734-2071
ispartof	ACM transactions on computer systems, 2010-03, Vol.28 (1), p.1-54
issn	0734-2071 1557-7333
language	eng
recordid	cdi_proquest_miscellaneous_743659082
source	ACM Digital Library; Business Source Complete
subjects	Applied sciences Bandwidth Clients Computer science control theory systems Computer systems and distributed systems. User interface Consumption Denial of service attacks Design engineering Electronics Exact sciences and technology Integrated circuits Integrated circuits by function (including memories and processors) Operation, maintenance, reliability of teleprocessing networks Semiconductor electronics. Microelectronics. Optoelectronics. Solid state devices Servers Software Systems, networks and services of telecommunications Telecommunications Telecommunications and information theory Teleprocessing networks. Isdn Teletraffic Traffic flow
title	DDoS Defense by Offense
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-08T21%3A22%3A54IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=DDoS%20Defense%20by%20Offense&rft.jtitle=ACM%20transactions%20on%20computer%20systems&rft.au=WALFISH,%20Michael&rft.date=2010-03-01&rft.volume=28&rft.issue=1&rft.spage=1&rft.epage=54&rft.pages=1-54&rft.issn=0734-2071&rft.eissn=1557-7333&rft.coden=ACSYEC&rft_id=info:doi/10.1145/1731060.1731063&rft_dat=%3Cproquest_cross%3E743659082%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1671468999&rft_id=info:pmid/&rfr_iscdi=true