DOI: 10.1145/3005745.3005773

Dispersing Asymmetric DDoS Attacks with SplitStack

Published: 09 November 2016

Abstract

This paper presents SplitStack, an architecture targeted at mitigating asymmetric DDoS attacks. These attacks are particularly challenging, since attackers can use a limited amount of resources to trigger exhaustion of a particular type of system resource on the server side. SplitStack resolves this by splitting the monolithic stack into many separable components called minimum splittable units (MSUs). If part of the application stack is experiencing a DDoS attack, SplitStack massively replicates just the affected MSUs, potentially across many machines. This allows scaling of the impacted resource separately from the rest of the application stack, so that resources can be precisely added where needed to combat the attack. We validate SplitStack via a preliminary case study, and show that it outperforms naive replication in defending against asymmetric attacks.

Published In

HotNets '16: Proceedings of the 15th ACM Workshop on Hot Topics in Networks
November 2016
217 pages
ISBN:9781450346610
DOI:10.1145/3005745

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article

Funding Sources

  • DARPA

Conference

HotNets-XV

Acceptance Rates

HotNets '16 Paper Acceptance Rate 30 of 108 submissions, 28%;
Overall Acceptance Rate 110 of 460 submissions, 24%

Article Metrics

  • Downloads (Last 12 months): 72
  • Downloads (Last 6 weeks): 6
Reflects downloads up to 16 Feb 2025

Cited By

  • (2024) From Seek-and-Destroy to Split-and-Destroy: Connection Partitioning as an Effective Tool against Low-Rate DoS Attacks. Future Internet 16:4 (137). DOI: 10.3390/fi16040137. Online publication date: 19-Apr-2024
  • (2023) Static-Analysis-Based Solutions to Security Challenges in Cloud-Native Systems: Systematic Mapping Study. Sensors 23:4 (1755). DOI: 10.3390/s23041755. Online publication date: 4-Feb-2023
  • (2022) Stargaze. Proceedings of the 4th Workshop on CPS & IoT Security and Privacy (47-53). DOI: 10.1145/3560826.3563382. Online publication date: 7-Nov-2022
  • (2022) Extended Berkeley Packet Filter: An Application Perspective. IEEE Access 10 (126370-126393). DOI: 10.1109/ACCESS.2022.3226269. Online publication date: 2022
  • (2019) Detecting asymmetric application-layer denial-of-service attacks in-flight with finelame. Proceedings of the 2019 USENIX Conference on Usenix Annual Technical Conference (693-707). DOI: 10.5555/3358807.3358866. Online publication date: 10-Jul-2019
  • (2018) DDoS-Capable IoT Malwares. Security and Communication Networks 2018. DOI: 10.1155/2018/7178164. Online publication date: 18-Feb-2018
  • (2018) DeDoS. Proceedings of the 34th Annual Computer Security Applications Conference (712-722). DOI: 10.1145/3274694.3274727. Online publication date: 3-Dec-2018
  • (2018) Making Break-ups Less Painful. Proceedings of the 2018 Workshop on Forming an Ecosystem Around Software Transformation (14-19). DOI: 10.1145/3273045.3273046. Online publication date: 15-Oct-2018
  • (2018) Scale Inside-Out: Rapid Mitigation of Cloud DDoS Attacks. IEEE Transactions on Dependable and Secure Computing 15:6 (959-973). DOI: 10.1109/TDSC.2017.2763160. Online publication date: 1-Nov-2018
  • (2018) Cross-model convolutional neural network for multiple modality data representation. Neural Computing and Applications 30:8 (2343-2353). DOI: 10.1007/s00521-016-2824-4. Online publication date: 1-Oct-2018
