A Demonstration of the DeDoS Platform for Defusing Asymmetric DDoS Attacks in Data Centers
Authors: 
Henri Maxime Demoulin, Tavish Vaidya, Isaac Pedisich, Nik Sultana, Bowen Wang, Jingyu Qian, Yuankai Zhang, Ang Chen, 
Andreas Haeberlen, Boon Thau Loo, Linh Thi Xuan Phan, Micah Sherr, Clay Shields, Wenchao ZhouAuthors Info & Claims
Henri Maxime Demoulin, Tavish Vaidya, Isaac Pedisich, Nik Sultana, Bowen Wang, Jingyu Qian, Yuankai Zhang, Ang Chen, Andreas Haeberlen, Boon Thau Loo, Linh Thi Xuan Phan, Micah Sherr, Clay Shields, Wenchao ZhouAuthors Info & ClaimsPages 71 - 73
Abstract
We propose a demonstration of DeDoS, a platform for mitigating asymmetric DDoS attacks. These attacks are particularly challenging since attackers using limited resources can exhaust the resources of even well-provisioned servers. DeDoS resolves this by splitting monolithic software stacks into separable components called minimum splittable units (MSUs). If part of the application stack is experiencing a DDoS attack, DeDoS can massively replicate only the affected MSUs, potentially across many machines. This allows scaling of the impacted resource separately from the rest of the application stack so that resources can be precisely added where needed to combat the attack. Our demonstration will show that DeDoS incurs reasonable overheads in normal operations and that it significantly outperforms naïve replication when defending against a range of asymmetric attacks.
References
[1]
Ang Chen, Akshay Sriraman, Tavish Vaidya, Yuankai Zhang, Andreas Haeberlen, Boon Thau Loo, Linh Thi Xuan Phan, Micah Sherr, Clay Shields, and Wenchao Zhou. 2016. Dispersing Asymmetric DDoS Attacks with SplitStack. In ACM Workshop on Hot Topics in Networks (HotNets).
[2]
Alain Gefflaut, Trent Jaeger, Yoonho Park, Jochen Liedtke, Kevin J. Elphinstone, Volkmar Uhlig, Jonathon E. Tidswell, Luke Deller, and Lars Reuther. 2000. The SawMill Multiserver Approach. In Proc 9th ACM SIGOPS European Workshop. 109--114.
[3]
IETF. 2011. SSL Renegotiation DoS. Accessed July 10, 2017 from https://www.ietf.org/mail-archive/web/tls/current/msg07553.html.
[4]
Christine Kern. 2016. Increased Use Of Multi-Vector DDoS Attacks Targeting Companies. http://www.bsminfo.com/doc/increased-use-of-multi-vector-ddos-attacks-targeting-companies-0001.
[5]
Eddie Kohler, Robert Morris, Benjie Chen, John Jannotti, and M. Frans Kaashoek. 2000. The Click Modular Router. ACM Trans. Comput. Syst. 18, 3, 263--297.
[6]
Boon Thau Loo, Tyson Condie, Minos Garofalakis, David E. Gay, Joseph M. Hellerstein, Petros Maniatis, Raghu Ramakrishnan, Timothy Roscoe, and Ion Stoica. 2009. Declarative networking. Comm. ACM 52, 11, 87--95.
[7]
OWASP. 2017. Regular expression Denial of Service - ReDoS. Accessed July 10, 2017 from https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS.
[8]
John Pescatore. 2014. DDoS Attacks Advancing and Enduring: A SANS Survey. Technical Report. SANS Institute.
[9]
Christian Rossow. 2014. Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In Proc. NDSS.
[10]
Fabrice J. Ryba, Matthew Orlinski, Matthias Wählisch, Christian Rossow, and Thomas C. Schmidt. 2015. Amplification and DRDoS Attack Defense -- A Survey and New Perspectives. CoRR abs/1505.07892. http://arxiv.org/abs/1505.07892
[11]
David Senecal. 2013. Slow DoS on the Rise. https://blogs.akamai.com/2013/09/slow-dos-on-the-rise.html.
Index Terms
- A Demonstration of the DeDoS Platform for Defusing Asymmetric DDoS Attacks in Data Centers
Recommendations
Dispersing Asymmetric DDoS Attacks with SplitStack
HotNets '16: Proceedings of the 15th ACM Workshop on Hot Topics in NetworksThis paper presents SplitStack, an architecture targeted at mitigating asymmetric DDoS attacks. These attacks are particularly challenging, since attackers can use a limited amount of resources to trigger exhaustion of a particular type of system ...
DeDoS: Defusing DoS with Dispersion Oriented Software
ACSAC '18: Proceedings of the 34th Annual Computer Security Applications ConferenceThis paper presents DeDoS, a novel platform for mitigating asymmetric DoS attacks. These attacks are particularly challenging since even attackers with limited resources can exhaust the resources of well-provisioned servers. DeDoS offers a framework to ...
Dynamic Binary User-Splits to Protect Cloud Servers from DDoS Attacks
ICCC '13: Proceedings of the Second International Conference on Innovative Computing and Cloud ComputingSeveral overlay-based solutions have been proposed to protect network servers from DoS/DDoS attacks. The common objective in the existing solutions is to prevent the attacking traffic from reaching the servers by hiding the location of target server ...
Comments
Information & Contributors
Information
Published In
August 2017
158 pages
ISBN:9781450350570
DOI:10.1145/3123878
Copyright © 2017 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 22 August 2017
Check for updates
Author Tags
Qualifiers
- Demonstration
- Research
- Refereed limited
Conference
SIGCOMM '17
Sponsor:
Acceptance Rates
Overall Acceptance Rate 92 of 158 submissions, 58%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 365Total Downloads
- Downloads (Last 12 months)58
- Downloads (Last 6 weeks)13
Reflects downloads up to 03 Feb 2025
Other Metrics
Citations
Cited By
View allView Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in