
Agile Virtual Infrastructure for Cyber Deception Against Stealthy DDoS Attacks

Cyber Deception

Abstract

DDoS attacks have been a persistent threat to network availability for many years. Most existing mitigation techniques attempt to protect against DDoS by filtering out attack traffic. However, because critical network resources are usually static, adversaries are able to bypass filtering by sending stealthy, low-volume traffic from a large number of bots that mimic benign traffic behavior. Sophisticated stealthy attacks on critical links can have devastating effects, such as partitioning domains and networks. Our proposed approach, called MoveNet, defends against DDoS attacks by proactively and reactively changing the footprint of critical resources in an unpredictable fashion to deceive attackers about the critical network resources. MoveNet employs virtual networks (VNs) to offer constant, dynamic and threat-aware reallocation of critical network resources (VN migration). Our approach has two components: (1) correct-by-construction VN migration planning that significantly increases the uncertainty about the critical links of multiple VNs while preserving the VN properties, and (2) an efficient VN migration mechanism that identifies the appropriate configuration sequence to enable node migration while maintaining network integrity (e.g., avoiding session disconnection). We formulate and implement this framework using Satisfiability Modulo Theory (SMT) logic. We also demonstrate the effectiveness of our implemented framework in both PlanetLab and Mininet-based experiments.


Notes

  1. This research was supported in part by the National Science Foundation under Grants No. CNS-1320662 and CNS-1319490. Any opinions, findings, conclusions or recommendations stated in this material are those of the authors and do not necessarily reflect the views of the funding sources.

  2. In commercial products like Virtela [11] and Aryaka [12], they expect to estimate this traffic as well.

  3. After each iteration, the counter is decremented by one.

  4. Due to limited space, we skip the technical details of our controller extensions and implementation.

  5. Due to anonymous submission, we are not disclosing this information.

References

  1. M. S. Kang, S. B. Lee, and V. D. Gligor, “The crossfire attack,” in Proceedings of IEEE Symposium on Security and Privacy, 2013.

  2. A. D. Keromytis, V. Misra, and D. Rubenstein, “SOS: Secure overlay services,” in Proc. ACM SIGCOMM, August 2002.

  3. “Akamai,” http://www.akamai.com.

  4. M. Faloutsos, P. Faloutsos, and C. Faloutsos, “On power law relationships on the internet topology,” in Proc. ACM SIGCOMM, 1999.

  5. T. Anderson, L. Peterson, S. Shenker, and J. Turner, “Overcoming the internet impasse through virtualization,” IEEE Computer, 2005.

  6. A. Gupta, J. Kleinberg, A. Kumar, R. Rastogi, and B. Yener, “Provisioning a virtual private network: a network design problem for multicommodity flow,” in Proc. ACM Symposium on Theory of Computing (STOC), 2001, pp. 389–398.

  7. Y. Zhu and M. Ammar, “Algorithms for assigning substrate network resources to virtual network components,” in INFOCOM, 2006.

  8. A. Haque and P.-H. Ho, “Design of survivable optical virtual private networks (O-VPNs),” in Proc. 1st IEEE International Workshop on Provisioning and Transport for Hybrid Networks, 2004.

  9. W. Szeto, Y. Iraqi, and R. Boutaba, “A multi-commodity flow based approach to virtual network resource allocation,” in Proc. GLOBECOM: IEEE Global Telecommunications Conference, 2003.

  10. M. Demirci, S. Lo, S. Seetharaman, and M. Ammar, “Multi-layer monitoring of overlay networks,” in Proceedings of the PAM, 2009.

  11. “Virtela,” http://www.virtela.net/platforms/virtualized-overlay-networking/.

  12. “Aryaka,” http://www.aryaka.com/.

  13. L. D. Moura and N. Bjorner, “Satisfiability modulo theories: Introduction and applications,” CACM, 2011.

  14. “Z3 theorem prover,” http://research.microsoft.com/en-us/um/redmond/projects/z3/.

  15. “Yices: An SMT solver,” http://yices.csl.sri.com/.

  16. “PlanetLab,” http://www.planet-lab.org.

  17. S. Lo, M. Ammar, E. Zegura, and M. Fayed, “Virtual network migration on real infrastructure: A PlanetLab case study,” in Proceedings of the 12th International IFIP TC 6 Conference on Networking, 2014.

  18. T. Anderson, T. Roscoe, and D. Wetherall, “Preventing internet denial-of-service with capabilities,” in Proceedings of HotNets-II, November 2003.

  19. A. Yaar, A. Perrig, and D. Song, “An endhost capability mechanism to mitigate DDoS flooding attacks,” in Proceedings of the IEEE Symposium on Security and Privacy, May 2004.

  20. X. Yang, D. Wetherall, and T. Anderson, “An endhost capability mechanism to mitigate DDoS flooding attacks,” in Proc. ACM SIGCOMM, August 2005.

  21. J. Ioannidis and S. M. Bellovin, “Implementing pushback: Router-based defense against DDoS attacks,” in Proc. Network and Distributed System Security Symposium (NDSS), February 2002.

  22. R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, “Controlling high bandwidth aggregates in the network,” Computer Communication Review, vol. 32(3), pp. 62–73, 2002.

  23. A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, B. Schwartz, S. T. Kent, and W. T. Strayer, “Single-packet IP traceback,” IEEE/ACM Transactions on Networking, vol. 10(6), pp. 295–306, December 2002.

  24. D. G. Andersen, “Mayday: Distributed filtering for internet services,” in Proc. 4th USENIX Symposium on Internet Technologies and Systems (USITS), March 2003.

  25. J. Kurian and K. Sarac, “FONet: A federated overlay network for DoS defense in the internet,” University of Texas at Dallas, Technical Report, 2005.

  26. K. Lakshminarayanan, D. Adkins, A. Perrig, and I. Stoica, “Taming IP packet flooding attacks,” in Proceedings of HotNets-II, 2003.

  27. A. Stavrou and A. D. Keromytis, “Countering DoS attacks with stateless multipath overlays,” in CCS 05: Proceedings of the 12th ACM Conference on Computer and Communications Security, 2005, pp. 249–259.

  28. A. Stavrou, D. L. Cook, W. G. Morein, A. D. Keromytis, V. Misra, and D. Rubenstein, “WebSOS: an overlay-based system for protecting web servers from denial of service attacks,” Computer Networks, 2005.

  29. J. Fan and M. H. Ammar, “Dynamic topology configuration in service overlay networks: A study of reconfiguration policies,” in Proc. IEEE INFOCOM, 2006.

  30. Y. Wang, E. Keller, B. Biskeborn, J. van der Merwe, and J. Rexford, “Virtual routers on the move: Live router migration as a network-management primitive,” in SIGCOMM, Seattle, WA, Aug. 2008.

  31. S. Lo, M. Ammar, and E. Zegura, “Design and analysis of schedules for virtual network migration,” Georgia Institute of Technology SCS Technical Report, vol. GT-CS-12-05, July 2012.

  32. E. Keller, D. Arora, D. P. Botero, and J. Rexford, “Live migration of an entire network (and its hosts),” Princeton University Computer Science Technical Report, vol. TR-926-12, June 2012.

  33. S. Nedevschi, L. Popa, G. Iannaccone, S. Ratnasamy, and D. Wetherall, “Reducing network energy consumption via sleeping and rate-adaptation,” in NSDI, vol. 8, 2008, pp. 323–336.

  34. B. Peng, A. H. Kemp, and S. Boussakta, “QoS routing with bandwidth and hop-count consideration: A performance perspective,” Journal of Communications, vol. 1, no. 2, pp. 1–11, 2006.

  35. “GeoLite free geo IP database,” http://dev.maxmind.com/geoip/legacy/geolite/.

  36. “Geographical distance,” http://en.wikipedia.org/wiki/Geographical_distance.

  37. F. Gillani, E. Al-Shaer, S. Lo, Q. Duan, M. Ammar, and E. Zegura, “Agile virtualized infrastructure to proactively defend against cyber attacks,” in INFOCOM. IEEE, 2015.

  38. “BRITE topology generator,” http://www.cs.bu.edu/brite/.

  39. “Technical details behind a 400Gbps NTP amplification DDoS attack,” http://blog.cloudflare.com/technical-details-behind-a-400gbps-ntp-amplification-ddos-attack.


Correspondence to Ehab Al-Shaer.


© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Al-Shaer, E., Gillani, S.F. (2016). Agile Virtual Infrastructure for Cyber Deception Against Stealthy DDoS Attacks. In: Jajodia, S., Subrahmanian, V., Swarup, V., Wang, C. (eds) Cyber Deception. Springer, Cham. https://doi.org/10.1007/978-3-319-32699-3_10


  • DOI: https://doi.org/10.1007/978-3-319-32699-3_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-32697-9

  • Online ISBN: 978-3-319-32699-3

  • eBook Packages: Computer Science, Computer Science (R0)
