Show simple item record

dc.contributor.author: Kandula, Srikanth
dc.contributor.author: Katabi, Dina
dc.contributor.author: Jacob, Matthias
dc.contributor.author: Berger, Arthur
dc.contributor.other: Networks and Mobile Systems
dc.date.accessioned: 2005-12-22T02:14:46Z
dc.date.available: 2005-12-22T02:14:46Z
dc.date.issued: 2004-10-22
dc.identifier.other: MIT-CSAIL-TR-2004-066
dc.identifier.other: MIT-LCS-TR-969
dc.identifier.uri: http://hdl.handle.net/1721.1/30497
dc.description.abstract: Recent denial of service attacks are mounted by professionals using Botnets of tens of thousands of compromised machines. To circumvent detection, attackers are increasingly moving away from pure bandwidth floods to attacks that mimic the Web browsing behavior of a large number of clients, and target expensive higher-layer resources such as CPU, database and disk bandwidth. The resulting attacks are hard to defend against using standard techniques as the malicious requests differ from the legitimate ones in intent but not in content. We present the design and implementation of Kill-Bots, a kernel extension to protect Web servers against DDoS attacks that masquerade as flash crowds. Kill-Bots provides authentication using graphical tests but is different from other systems that use graphical tests. First, instead of authenticating clients based on whether they solve the graphical test, Kill-Bots uses the test to quickly identify the IP addresses of the attack machines. This allows it to block the malicious requests while allowing access to legitimate users who are unable or unwilling to solve graphical tests. Second, Kill-Bots sends a test and checks the client's answer without allowing unauthenticated clients access to sockets, TCBs, worker processes, etc. This protects the authentication mechanism from being DDoSed. Third, Kill-Bots combines authentication with admission control. As a result, it improves performance, regardless of whether the server overload is caused by DDoS or a true Flash Crowd. We have implemented Kill-Bots in the Linux kernel and evaluated it in the wide-area Internet using PlanetLab.
dc.format.extent: 15 p.
dc.format.extent: 27361453 bytes
dc.format.extent: 1271267 bytes
dc.format.mimetype: application/postscript
dc.format.mimetype: application/pdf
dc.language.iso: en_US
dc.relation.ispartofseries: Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory
dc.title: Botz-4-Sale: Surviving Organized DDoS Attacks that Mimic Flash Crowds

