DDoS defense by offense
Author(s)
Walfish, Michael; Vutukuru, Mythili; Balakrishnan, Hari; Karger, David R.; Shenker, Scott
Open Access Policy
Creative Commons Attribution-Noncommercial-Share Alike
Abstract
This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth so can react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidths, which is the intended result.
Date issued
2010-03
Department
Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory; Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Journal
ACM Transactions on Computer Systems
Publisher
Association for Computing Machinery
Citation
Walfish, Michael et al. “DDoS Defense by Offense.” ACM Transactions on Computer Systems 28.1 (2010): 1–54. Web.
Version: Author's final manuscript
ISSN
0734-2071