DDoS defense by offense

Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, Scott Shenker

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth and will react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidth. This result makes the defense viable and effective for a class of real attacks.

Original language: English (US)
Title of host publication: Computer Communication Review
Pages: 303-314
Number of pages: 12
Volume: 36
Edition: 4
DOIs: https://doi.org/10.1145/1151659.1159948
State: Published - Oct 2006

Fingerprint

Servers
Bandwidth
Program processors
Experiments

Keywords

  • Bandwidth
  • Currency
  • DoS attack

ASJC Scopus subject areas

  • Information Systems

Cite this

Walfish, M., Vutukuru, M., Balakrishnan, H., Karger, D., & Shenker, S. (2006). DDoS defense by offense. In Computer Communication Review (4 ed., Vol. 36, pp. 303-314) https://doi.org/10.1145/1151659.1159948

@inproceedings{6deadb8c9d144889a64c20f396cba217,
title = "DDoS defense by offense",
abstract = "This paper presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth and will react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidth. This result makes the defense viable and effective for a class of real attacks.",
keywords = "Bandwidth, Currency, DoS attack",
author = "Michael Walfish and Mythili Vutukuru and Hari Balakrishnan and David Karger and Scott Shenker",
year = "2006",
month = "10",
doi = "10.1145/1151659.1159948",
language = "English (US)",
volume = "36",
pages = "303--314",
booktitle = "Computer Communication Review",
edition = "4",

}

TY - GEN

T1 - DDoS defense by offense

AU - Walfish, Michael

AU - Vutukuru, Mythili

AU - Balakrishnan, Hari

AU - Karger, David

AU - Shenker, Scott

PY - 2006/10

Y1 - 2006/10

N2 - This paper presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth and will react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidth. This result makes the defense viable and effective for a class of real attacks.

KW - Bandwidth

KW - Currency

KW - DoS attack

UR - http://www.scopus.com/inward/record.url?scp=33750366503&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33750366503&partnerID=8YFLogxK

U2 - 10.1145/1151659.1159948

DO - 10.1145/1151659.1159948

M3 - Conference contribution

VL - 36

SP - 303

EP - 314

BT - Computer Communication Review

ER -