Catch Me If You Can: A Cloud-Enabled DDoS Defense

Title: Catch Me If You Can: A Cloud-Enabled DDoS Defense
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Quan Jia, Huangxin Wang, D. Fleck, Fei Li, A. Stavrou, W. Powell
Conference Name: 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Date Published: June
Keywords: Amazon EC2, attack dilution strategies, attack mitigation, client-server systems, client-to-server reassignment plans, cloud, cloud computing, cloud-enabled DDoS defense, computational distributed denial-of-service attacks, Computer architecture, Computer crime, computer network security, DDoS, intelligent client reassignment, Internet services, IP networks, large-scale DDoS attacks, moving target defense, moving target mechanism, moving targets, network attacks, optimal reassignment strategy, Servers, Shuffling, shuffling mechanism, system architecture, turning victim servers, Web and internet services
Abstract

We introduce a cloud-enabled defense mechanism for Internet services against network and computational Distributed Denial-of-Service (DDoS) attacks. Our approach performs selective server replication and intelligent client re-assignment, turning victim servers into moving targets for attack isolation. We introduce a novel system architecture that leverages a "shuffling" mechanism to compute the optimal re-assignment strategy for clients on attacked servers, effectively separating benign clients from even sophisticated adversaries that persistently follow the moving targets. We introduce a family of algorithms to optimize the runtime client-to-server re-assignment plans and minimize the number of shuffles to achieve attack mitigation. The proposed shuffling-based moving target mechanism enables effective attack containment using fewer resources than attack dilution strategies using pure server expansion. Our simulations and proof-of-concept prototype using Amazon EC2 [1] demonstrate that we can successfully mitigate large-scale DDoS attacks in a small number of shuffles, each of which incurs a few seconds of user-perceived latency.
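The abstract describes the shuffling mechanism only at a high level: clients on an attacked server are re-assigned across replicas, attackers keep flooding whichever replica they land on, and the replicas that stay quiet reveal which clients are benign. The following Python simulation is an added example, not code from the paper, its authors, or the EC2 prototype. It models a deliberately simplified version of the idea: an even, random re-assignment in place of the paper's optimized re-assignment plans, an oracle detector (a replica is "attacked" exactly when it hosts an attacker, with an assumed `miss_rate` for detector misses), and a constructed client population. The function names, the `ShuffleResult` fields, and the rough shuffle-count estimate are all this example's own assumptions.

```python
"""Simplified simulation of shuffle-based client re-assignment for DDoS isolation.

Constructed model (assumptions of this example, not the paper's algorithms):
  * Clients are assigned to M replica servers; a few are attackers that flood
    whichever replica they currently sit on (they "follow the moving target").
  * Each shuffle spreads the *suspect* clients (those last seen on an attacked
    replica) evenly and at random over the M replicas.
  * A replica is reported "attacked" if it hosts at least one attacker, except
    that the detector misses such a replica with probability `miss_rate`
    (oracle detector; a real deployment would use a traffic-anomaly signal).
  * Clients on replicas reported quiet are cleared and parked on stable servers;
    clients on attacked replicas stay suspect and are shuffled again.
  * Stop once every attacked replica hosts exactly one client: that client must
    be an attacker, so the suspect set now contains attackers only.
"""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Client:
    cid: int
    attacker: bool


@dataclass
class ShuffleResult:
    shuffles: int            # shuffles performed (each costs user-visible latency)
    isolated: frozenset      # cids still suspect when we stopped
    cleared_benign: int      # benign clients moved off the attacked pool
    cleared_attackers: int   # attackers wrongly cleared (only if the detector misses)


def make_population(n_clients, attacker_ids):
    """Constructed sample input: n_clients clients, the given cids are attackers."""
    attackers = set(attacker_ids)
    return [Client(cid, cid in attackers) for cid in range(n_clients)]


def shuffle_round(suspects, replicas, rng, miss_rate=0.0):
    """One shuffle. Returns (attacked_buckets, cleared_clients)."""
    order = list(suspects)
    rng.shuffle(order)
    buckets = [order[i::replicas] for i in range(replicas)]   # even split over replicas
    attacked, cleared = [], []
    for bucket in buckets:
        if not bucket:
            continue
        under_attack = any(c.attacker for c in bucket)
        if under_attack and rng.random() < miss_rate:
            under_attack = False          # detector miss: the attacker slips through
        if under_attack:
            attacked.append(bucket)
        else:
            cleared.extend(bucket)
    return attacked, cleared


def isolate_attackers(clients, replicas, seed=0, miss_rate=0.0, max_shuffles=100):
    """Shuffle until the suspect set is attackers-only (or max_shuffles is hit)."""
    rng = random.Random(seed)
    suspects = list(clients)
    cleared_all = []
    shuffles = 0
    while shuffles < max_shuffles:
        attacked, cleared = shuffle_round(suspects, replicas, rng, miss_rate)
        shuffles += 1
        cleared_all.extend(cleared)
        suspects = [c for bucket in attacked for c in bucket]
        if all(len(bucket) == 1 for bucket in attacked):
            break   # every attacked replica is a singleton, so all suspects are attackers
    return ShuffleResult(
        shuffles=shuffles,
        isolated=frozenset(c.cid for c in suspects),
        cleared_benign=sum(1 for c in cleared_all if not c.attacker),
        cleared_attackers=sum(1 for c in cleared_all if c.attacker),
    )


def estimate_shuffles(benign, attackers, replicas):
    """Rough bound for this model: at most `attackers` replicas are attacked per
    shuffle, so the benign suspect pool shrinks by about attackers/replicas each
    round. Returns None when attackers >= replicas (no geometric shrink)."""
    if attackers >= replicas:
        return None
    if benign <= 1:
        return 1
    return math.ceil(math.log(benign) / math.log(replicas / attackers))


if __name__ == "__main__":
    pop = make_population(1000, attacker_ids=[7, 42, 123, 500, 999])
    res = isolate_attackers(pop, replicas=10, seed=1)
    print(f"shuffles={res.shuffles} isolated={sorted(res.isolated)} "
          f"cleared_benign={res.cleared_benign} cleared_attackers={res.cleared_attackers}")
    print("rough estimate:", estimate_shuffles(995, 5, 10))
```

Two points a practitioner should take from running this. First, the stopping rule is observable by the defender without knowing who the attackers are: an attacked replica that holds a single client has identified that client. Second, the detector's failure modes are asymmetric. A false "attacked" report only costs extra shuffles, but a missed attack clears an attacker permanently; `cleared_attackers` counts exactly that, and setting `miss_rate` above zero shows how quickly it erodes the isolation. The `estimate_shuffles` value is an upper-bound style approximation for this simplified model, not a result from the paper, whose optimized re-assignment plans are what reduce the shuffle count below random assignment.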

DOI: 10.1109/DSN.2014.35
Citation Key: 6903585