TY - JOUR
T1 - DDoS defense by offense
AU - Walfish, Michael
AU - Vutukuru, Mythili
AU - Balakrishnan, Hari
AU - Karger, David
AU - Shenker, Scott
PY - 2006/10
Y1 - 2006/10
N2 - This paper presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth and will react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidth. This result makes the defense viable and effective for a class of real attacks.
AB - This paper presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth and will react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidth. This result makes the defense viable and effective for a class of real attacks.
KW - Bandwidth
KW - Currency
KW - DoS attack
UR - http://www.scopus.com/inward/record.url?scp=33750366503&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33750366503&partnerID=8YFLogxK
U2 - 10.1145/1151659.1159948
DO - 10.1145/1151659.1159948
M3 - Article
AN - SCOPUS:33750366503
SN - 0146-4833
VL - 36
SP - 303
EP - 314
JO - Computer Communication Review
JF - Computer Communication Review
IS - 4
ER -