DOI: 10.1145/1352664.1352667

Minimizing collateral damage by proactive surge protection

Published: 27 August 2007

Abstract

Existing mechanisms for defending against distributed denial-of-service (DDoS) attacks are generally reactive in nature. However, the onset of large-scale bandwidth-based attacks can occur suddenly, potentially knocking out substantial parts of a network before reactive defenses can respond. Even for traffic flows that are not under direct attack, significant collateral damage will result if these flows pass through links that are common to attack routes. This paper presents a proactive-surge-protection (PSP) mechanism that aims to provide a broad first line of defense against DDoS attacks. Our solution aims to minimize collateral damage by providing bandwidth isolation between traffic flows. This isolation is achieved through a combination of traffic forecasting, proportional allocation of network capacity, metering and tagging of packets at the network perimeter, and preferential dropping of packets inside the network. Our solution is readily deployable using existing router mechanisms. Simulations across three large backbone networks show that up to 95.5% of the network could suffer collateral damage without protection, but our solution was able to reduce the amount of collateral damage by 60.5-97.8%, even with a coarse-grained forecasting scheme.
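The four ingredients the abstract lists (forecasting, proportional allocation, perimeter metering and tagging, preferential dropping in the core) can be seen working together on a toy backbone. The following is an added example written for this page, not code from the paper, and it makes several simplifying assumptions: a fluid (rate-based) model instead of packets; an ingress profile equal to the flow's smallest proportional share along its path (one plausible bottleneck rule, not necessarily the paper's); a plain FIFO core that drops all traffic proportionally as the "no protection" baseline; and a constructed three-link topology with made-up forecast and offered rates, where the "victim" flow aggregates a flood aimed at one destination.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Flow:
    name: str
    path: List[str]       # links traversed, ingress to egress
    forecast: float       # forecast demand (Mb/s), known before the surge
    offered: float        # rate actually offered during the surge
    attack: bool = False  # True for the aggregate flood toward the victim


# Constructed toy backbone (assumption): three 100 Mb/s links, four aggregate flows.
CAPACITY = {"A": 100.0, "B": 100.0, "C": 100.0}
FLOWS = [
    Flow("web",    ["A", "B"],      forecast=40, offered=40),
    Flow("voip",   ["B", "C"],      forecast=20, offered=20),
    Flow("mail",   ["C"],           forecast=30, offered=30),
    Flow("victim", ["A", "B", "C"], forecast=30, offered=400, attack=True),
]


def allocate(flows, capacity):
    """Proportional allocation from forecasts. On each link a flow gets
    capacity * forecast / (sum of forecasts sharing that link); its ingress
    profile rate is the smallest share along its path (assumed bottleneck rule).
    Shares on a link sum to its capacity, so in-profile traffic never exceeds it."""
    load = {l: sum(f.forecast for f in flows if l in f.path) for l in capacity}
    return {f.name: min(capacity[l] * f.forecast / load[l] for l in f.path) for f in flows}


def meter(flow, profile):
    """Perimeter meter/tagger (fluid token bucket): traffic up to the profile is
    tagged in-profile, the excess is tagged out-of-profile."""
    in_rate = min(flow.offered, profile)
    return in_rate, flow.offered - in_rate


def deliver(flows, capacity, profile=None, tol=1e-12):
    """Fixed-point fluid model of the core. With profile=None every link is plain
    FIFO and drops all traffic proportionally (the unprotected baseline). With a
    profile, in-profile traffic is served first and out-of-profile traffic only
    gets the capacity left over on each link (preferential dropping)."""
    enter = {f.name: (f.offered, 0.0) if profile is None else meter(f, profile[f.name])
             for f in flows}
    pass_in = {l: 1.0 for l in capacity}   # fraction of in-profile traffic a link forwards
    pass_out = {l: 1.0 for l in capacity}  # same for out-of-profile traffic
    for _ in range(1000):
        arr_in = {l: 0.0 for l in capacity}
        arr_out = {l: 0.0 for l in capacity}
        for f in flows:
            ri, ro = enter[f.name]
            for l in f.path:               # drops upstream reduce load downstream
                arr_in[l] += ri
                arr_out[l] += ro
                ri *= pass_in[l]
                ro *= pass_out[l]
        new_in, new_out = {}, {}
        for l, cap in capacity.items():
            new_in[l] = min(1.0, cap / arr_in[l]) if arr_in[l] > 0 else 1.0
            left = max(0.0, cap - arr_in[l] * new_in[l])
            new_out[l] = min(1.0, left / arr_out[l]) if arr_out[l] > 0 else 1.0
        done = all(abs(new_in[l] - pass_in[l]) < tol and abs(new_out[l] - pass_out[l]) < tol
                   for l in capacity)
        pass_in, pass_out = new_in, new_out
        if done:
            break
    delivered = {}
    for f in flows:
        ri, ro = enter[f.name]
        for l in f.path:
            ri *= pass_in[l]
            ro *= pass_out[l]
        delivered[f.name] = ri + ro
    return delivered


def collateral_damage(flows, delivered, slack=0.99):
    """Names of flows not under attack that lose more than 1% of their offered rate
    (1% threshold is an assumption of this example)."""
    return {f.name for f in flows if not f.attack and delivered[f.name] < slack * f.offered}


if __name__ == "__main__":
    fifo = deliver(FLOWS, CAPACITY)
    psp = deliver(FLOWS, CAPACITY, allocate(FLOWS, CAPACITY))
    for f in FLOWS:
        print(f"{f.name:7s} offered {f.offered:6.1f}  FIFO {fifo[f.name]:6.1f}  PSP {psp[f.name]:6.1f}")
    print("collateral damage without PSP:", sorted(collateral_damage(FLOWS, fifo)))
    print("collateral damage with PSP:   ", sorted(collateral_damage(FLOWS, psp)))
```

In the unprotected run the 400 Mb/s flood saturates link A and pulls web, voip and mail below their offered rates even though only the victim is targeted; with the profiles in place every non-attack flow is delivered in full and the flood is cut back to roughly the victim's forecast share plus whatever spare capacity is left. Two caveats worth keeping in mind: the allocation is only as good as the forecast (the abstract reports that a coarse-grained forecast still gave a large reduction), and the victim's own legitimate users still get only the forecast share, which is the intended trade-off of bandwidth isolation. The abstract says existing router mechanisms suffice; one standard way to realise the meter/tag and preferential-drop steps, stated here as an assumption rather than the paper's design, is an ingress token-bucket policer that sets a DSCP drop-precedence value and a WRED-style queue in the core that drops the high-precedence colour first.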



Published In

LSAD '07: Proceedings of the 2007 workshop on Large scale attack defense
August 2007, 73 pages
ISBN: 9781595937858
DOI: 10.1145/1352664

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. admission control
2. denial of service
3. malicious attacks

Qualifiers

• Research-article

Conference

SIGCOMM07: ACM SIGCOMM 2007 Conference
August 27, 2007
Kyoto, Japan
