DDoS Defense by Offense

Cited by: 34
Authors
Walfish, Michael [1]
Vutukuru, Mythili
Balakrishnan, Hari
Karger, David
Shenker, Scott [2]
Affiliations
[1] Univ Texas Austin, Dept Comp Sci, Austin, TX 78712 USA
[2] Univ Calif Berkeley, Berkeley, CA USA
Source
ACM TRANSACTIONS ON COMPUTER SYSTEMS | 2010, Vol. 28, No. 01
Keywords
Design; Experimentation; Security; DoS attack; bandwidth; currency
DOI
10.1145/1731060.1731063
Chinese Library Classification (CLC) number
TP301 [Theory, Methods]
Discipline classification code
081202
Abstract
This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth so can react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidths, which is the intended result.
Pages: 54