MIT Libraries logoDSpace@MIT

MIT
View Item 
  • DSpace@MIT Home
  • Computer Science and Artificial Intelligence Lab (CSAIL)
  • CSAIL Digital Archive
  • CSAIL Technical Reports (July 1, 2003 - present)
  • View Item
  • DSpace@MIT Home
  • Computer Science and Artificial Intelligence Lab (CSAIL)
  • CSAIL Digital Archive
  • CSAIL Technical Reports (July 1, 2003 - present)
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Botz-4-Sale: Surviving Organized DDoS Attacks that Mimic Flash Crowds

Author(s)
Kandula, Srikanth; Katabi, Dina; Jacob, Matthias; Berger, Arthur
Thumbnail
DownloadMIT-CSAIL-TR-2004-066.ps (26.09Mb)
Additional downloads
Other Contributors
Networks and Mobile Systems
Metadata
Show full item record
Abstract
Recent denial of service attacks are mounted by professionalsusing Botnets of tens of thousands of compromisedmachines. To circumvent detection, attackers areincreasingly moving away from pure bandwidth oods toattacks that mimic the Web browsing behavior of a largenumber of clients, and target expensive higher-layer resourcessuch as CPU, database and disk bandwidth. Theresulting attacks are hard to defend against using standardtechniques as the malicious requests differ from thelegitimate ones in intent but not in content.We present the design and implementation of Kill-Bots, a kernel extension to protect Web servers againstDDoS attacks that masquerade as ash crowds. Kill-Botsprovides authentication using graphical tests but is differentfrom other systems that use graphical tests. First,instead of authenticating clients based on whether theysolve the graphical test, Kill-Bots uses the test to quicklyidentify the IP addresses of the attack machines. Thisallows it to block the malicious requests while allowingaccess to legitimate users who are unable or unwillingto solve graphical tests. Second, Kill-Bots sends a testand checks the client's answer without allowing unauthenticatedclients access to sockets, TCBs, worker processes,etc. This protects the authentication mechanismfrom being DDoSed. Third, Kill-Bots combines authenticationwith admission control. As a result, it improvesperformance, regardless of whether the server overloadis caused by DDoS or a true Flash Crowd. We have implementedKill-Bots in the Linux kernel and evaluated itin the wide-area Internet using PlanetLab.
Date issued
2004-10-22
URI
http://hdl.handle.net/1721.1/30497
Other identifiers
MIT-CSAIL-TR-2004-066
MIT-LCS-TR-969
Series/Report no.
Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory

Collections
  • CSAIL Technical Reports (July 1, 2003 - present)

Browse

All of DSpaceCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

My Account

Login

Statistics

OA StatisticsStatistics by CountryStatistics by Department
MIT Libraries
PrivacyPermissionsAccessibilityContact us
MIT
Content created by the MIT Libraries, CC BY-NC unless otherwise noted. Notify us about copyright concerns.