Title | Mitigating DNS Random Subdomain DDoS Attacks by Distinct Heavy Hitters Sketches |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Feibish, Shir Landau; Afek, Yehuda; Bremler-Barr, Anat; Cohen, Edith; Shagam, Michal |
Conference Name | Proceedings of the Fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5527-8 |
Keywords | composability, edge detection, Metrics, pubcrawl, resilience, Resiliency, Scalability, security |
Abstract | Random Subdomain DDoS attacks on the Domain Name System (DNS) infrastructure are becoming a popular vector in recent attacks (e.g., recent Mirai attack on Dyn). In these attacks, many queries are sent for a single or a few victim domains, yet they include highly varying non-existent subdomains generated randomly. Motivated by these attacks we designed and implemented novel and efficient algorithms for distinct heavy hitters (dHH). A (classic) heavy hitter (HH) in a stream of elements is a key (e.g., the domain of a query) which appears in many elements (e.g., requests). When stream elements consist of ⟨key, subkey⟩ pairs, (⟨domain, subdomain⟩) a distinct heavy hitter (dhh) is a key that is paired with a large number of different subkeys. Our algorithms dominate previous designs in both the asymptotic (theoretical) sense and practicality. Specifically the new fixed-size algorithms are simple to code and with asymptotically optimal space accuracy tradeoffs. Based on these algorithms, we build and implement a system for detection and mitigation of Random Subdomain DDoS attacks. We perform experimental evaluation, demonstrating the effectiveness of our algorithms. |
URL | http://doi.acm.org/10.1145/3132465.3132474 |
DOI | 10.1145/3132465.3132474 |
Citation Key | feibish_mitigating_2017 |