Visible to the public Biblio

Filters: Author is Powell, W.  [Clear All Filters]
2015-05-05
Quan Jia, Huangxin Wang, Fleck, D., Fei Li, Stavrou, A., Powell, W..  2014.  Catch Me If You Can: A Cloud-Enabled DDoS Defense. Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on. :264-275.

We introduce a cloud-enabled defense mechanism for Internet services against network and computational Distributed Denial-of-Service (DDoS) attacks. Our approach performs selective server replication and intelligent client re-assignment, turning victim servers into moving targets for attack isolation. We introduce a novel system architecture that leverages a "shuffling" mechanism to compute the optimal re-assignment strategy for clients on attacked servers, effectively separating benign clients from even sophisticated adversaries that persistently follow the moving targets. We introduce a family of algorithms to optimize the runtime client-to-server re-assignment plans and minimize the number of shuffles to achieve attack mitigation. The proposed shuffling-based moving target mechanism enables effective attack containment using fewer resources than attack dilution strategies using pure server expansion. Our simulations and proof-of-concept prototype using Amazon EC2 [1] demonstrate that we can successfully mitigate large-scale DDoS attacks in a small number of shuffles, each of which incurs a few seconds of user-perceived latency.