research-article

CICADAS: Congesting the Internet with Coordinated and Decentralized Pulsating Attacks

Authors:

Hsu-Chun Hsiao,

Vyas SekarAuthors Info & Claims

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

Pages 699 - 710

https://doi.org/10.1145/2897845.2897866

Published: 30 May 2016 Publication History

Abstract

This study stems from the premise that we need to break away from the "reactive" cycle of developing defenses against new DDoS attacks (e.g., amplification) by proactively investigating the potential for new types of DDoS attacks. Our specific focus is on pulsating attacks, a particularly debilitating type that has been hypothesized in the literature. In a pulsating attack, bots coordinate to generate intermittent pulses at target links to significantly reduce the throughput of TCP connections traversing the target. With pulsating attacks, attackers can cause significantly greater damage to legitimate users than traditional link flooding attacks. To date, however, pulsating attacks have been either deemed ineffective or easily defendable for two reasons: (1) they require a central coordinator and can thus be tracked; and (2) they require tight synchronization of pulses, which is difficult even in normal non-congestion scenarios. This paper argues that, in fact, the perceived drawbacks of pulsating attacks are in fact not fundamental. We develop a practical pulsating attack called CICADAS using two key ideas: using both (1) congestion as an implicit signal for decentralized implementation, and (2) a Kalman-filter-based approach to achieve tight synchronization. We validate CICADAS using simulations and wide-area experiments. We also discuss possible countermeasures against this attack.

References

[1]

ATLAS Q2 2015 Global DDoS Attack Trends. http://www.slideshare.net/Arbor_Networks/atlas-q2--2015final.

[2]

Open Resolver Project. http://openresolverproject.org/.

[3]

Spike DDoS Toolkit Threat Advisory. https://www.stateoftheinternet.com/resources-web-security-threat-advisories-2014-multi-platform-botnet-spike.html.

[4]

K. Argyraki and D. R. Cheriton. Active Internet Traffic Filtering: Real-Time Response to Denial-of-Service Attacks. In Proceedings of USENIX ATEC, 2005.

Digital Library

[5]

C. Basescu, R. M. Reischuk, P. Szalachowski, A. Perrig, Y. Zhang, H.-C. Hsiao, A. Kubota, and J. Urakawa. SIBRA: Scalable Internet Bandwidth Reservation Architecture. In Proceedings of NDSS, 2016.

[6]

Y. Chen and K. Hwang. Collaborative detection and filtering of Shrew DDoS attacks using spectral analysis. Journal of Parallel and Distributed Computing, 66(9):1137--1151, Sept. 2006.

Digital Library

[7]

P. Ferguson and D. Senie. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. RFC 2827 (Best Current Practice), May 2000. Updated by RFC 3704.

Digital Library

[8]

M. Guirguis, A. Bestavros, and I. Matta. Bandwidth Stealing via Link-Targeted RoQ Attakcs. In Proceedings on Communication and Computer Networks, 2004.

[9]

M. Guirguis, A. Bestavros, and I. Matta. Exploiting the Transients of Adaptation for RoQ Attacks on Internet Resources. In Proceedings of IEEE ICNP, 2004.

Digital Library

[10]

N. Hu, L. Li, Z. Mao, P. Steenkiste, and J. Wang. Locating Internet bottlenecks: Algorithms, measurements, and implications. SIGCOMM Comput. Commun. Rev., 34(4):41--54, 2004.

Digital Library

[11]

M. S. Kang and V. Gligor. Routing Bottlenecks in the Internet: Causes, Exploits, and Countermeasures. In Proceedings of ACM CCS, 2014.

Digital Library

[12]

M. S. Kang, S. B. Lee, and V. D. Gligor. The Crossfire Attack. In Proceedings of IEEE Symposium on Security and Privacy, 2013.

Digital Library

[13]

D. Kostoulas, D. Psaltoulis, I. Gupta, K. Birman, and A. Demers. Decentralized Schemes for Size Estimation in Large and Dynamic Groups. In Proceedings of IEEE International Symposium on Network Computing and Applications, 2005.

Digital Library

[14]

A. Kuzmanovic and E. Knightly. Low-Rate TCP-Targeted Denial of Service Attacks: the Shrew vs. the Mice and Elephants. In Proceedings of the ACM SIGCOMM, 2003.

Digital Library

[15]

Y. Kwok, R. Tripathi, Y. Chen, and K. Hwang. HAWK: Halting Anomalies with Weighted ChoKing to Rescue Well-Behaved TCP Sessions from Shrew DDoS Attacks. Networking and Mobile Computing, 3169(August):1--10, 2005.

Digital Library

[16]

X. Liu, A. Li, X. Yang, and D. Wetherall. Passport: Secure and Adoptable Source Authentication. In Proceedings of USENIX/ACM NSDI, 2008.

Digital Library

[17]

X. Luo and R. Chang. On a New Class of Pulsing Denial-of-Service Attacks and the Defense. In Proceedings of NDSS, 2005.

[18]

R. Mahajan, S. Floyd, and D. Wetherall. Controlling High-Bandwidth Flows at the Congested Router. In proceedings of IEEE ICNP, 2001.

Digital Library

[19]

L. Massoulié and E. L. Merrer. Peer Counting and Sampling in Overlay Networks: Random Walk Methods. In Proceedings of ACM PODC, 2006.

Digital Library

[20]

J. Mirkovic and P. Reiher. A Taxonomy of DDoS Attack and DDoS Defense Mechanisms. ACM SIGCOMM Computer Communication Review, 34(2):39--53, 2004.

Digital Library

[21]

M. Motiwala, M. Elmore, N. Feamster, and S. Vempala. Path splicing. In Proceedings of ACM SIGCOMM, 2008.

Digital Library

[22]

R. Pan, L. Breslau, B. Prabhakar, and S. Shenker. Approximate Fairness Through Differential Dropping. ACM SIGCOMM Computer Communication Review, 33(2):23, Apr. 2003.

Digital Library

[23]

T. Peng, C. Leckie, and K. Ramamohanarao. Survey of Network-Based Defense Mechanisms Countering the DoS and DDoS Problems. ACM Computing Surveys, 39(1), Apr. 2007.

Digital Library

[24]

P. Ramamurthy, V. Sekar, A. Akella, B. Krishnamurthy, and A. Shaikh. Remote Profiling of Resource Constraints of Web Servers Using Mini-Flash Crowds. In Proceedings of USENIX ATC, 2008.

Digital Library

[25]

R. Rasti, M. Murthy, and V. Paxson. Temporal Lensing and its Application in Pulsing Denial of Service Attacks. In Proceedings of IEEE Symposium on Security and Privacy, 2015.

Digital Library

[26]

C. Rossow. Amplification Hell: Revisiting Network Protocols for DDoS Abuse. In Proceedings of NDSS, 2014.

[27]

A. Stavrou and A. D. Keromytis. Countering DoS attacks with stateless multipath overlays. In Proceedings of ACM CCS, 2005.

Digital Library

[28]

I. Stoica, S. Shenker, and H. Zhang. Core-Stateless Fair Queueing: A Scalable Architecture to Approximate Fair Bandwidth Allocations in High-Speed Networks. IEEE/ACM Transactions on Networking, 11(1):33--46, Feb. 2003.

Digital Library

[29]

J. Strauss, D. Katabi, and F. Kaashoek. A measurement study of available bandwidth estimation tools. In Proceedings of ACM SIGCOMM IMC, 2003.

Digital Library

[30]

A. Studer and A. Perrig. The Coremelt Attack. In Proceedings of ESORICS, 2009.

Digital Library

[31]

A. Yaar, A. Perrig, and D. Song. SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks. In Proceedings of IEEE Symposium on Security and Privacy, 2004.

[32]

X. Yang, G. Tsudik, and X. Liu. A Technical Approach to Net Neutrality. In Proceedings of Hotnets-V Workshop, 2006.

[33]

S. T. Zargar, J. Joshi, and D. Tipper. A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks. IEEE Communications Surveys and Tutorials, 15(4):2046--2069, 2013.

[34]

Y. Zhang, Z. M. Mao, and J. Wang. Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing. In Proceedings of NDSS, 2007.

Cited By

Li XWu DDuan HLi Q(2024)DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00264(4478-4496)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00264
Gu XWang QLiu JWei J(2024)Grunt Attack: Exploiting Execution Dependencies in Microservices2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58291.2024.00025(115-128)Online publication date: 24-Jun-2024
https://doi.org/10.1109/DSN58291.2024.00025
Bocu RIavich M(2024)Enhanced detection of low-rate DDoS attack patterns using machine learning modelsJournal of Network and Computer Applications10.1016/j.jnca.2024.103903227(103903)Online publication date: Jul-2024
https://doi.org/10.1016/j.jnca.2024.103903
Show More Cited By

Index Terms

CICADAS: Congesting the Internet with Coordinated and Decentralized Pulsating Attacks
1. Security and privacy
  1. Network security
  2. Systems security
    1. Denial-of-service attacks

Recommendations

Tail Attacks on Web Applications
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

As the extension of Distributed Denial-of-Service (DDoS) attacks to application layer in recent years, researchers pay much interest in these new variants due to a low-volume and intermittent pattern with a higher level of stealthiness, invaliding the ...
On Modeling Counteraction against TCP SYN Flooding
Information Networking. Towards Ubiquitous Networking and Services

One of the main problems of network security is Distributed Denial of Service (DDoS) caused by TCP SYN packet flooding. To counteract SYN flooding attack, several defense methods have been proposed. In this paper we investigate a survivability of ...
A new and comprehensive taxonomy of DDoS attacks and defense mechanism
ISP'07: Proceedings of the 6th WSEAS international conference on Information security and privacy

Distributed denial of services (DDoS) is the most important security problem for IT managers. These attacks are very simple organized for intruders and hence so disruptive. Moreover, its serious damage has been increased, the detection and defense of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '16: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security

May 2016

958 pages

ISBN:9781450342339

DOI:10.1145/2897845

General Chair:
Xiaofeng Chen
Xidian University, China
,
Program Chairs:
XiaoFeng Wang
Indiana University at Bloomington, USA
,
Xinyi Huang
Fujian Normal University, China

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 May 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASIA CCS '16

Sponsor:

SIGSAC

ASIA CCS '16: ACM Asia Conference on Computer and Communications Security

May 30 - June 3, 2016

Xi'an, China

Acceptance Rates

ASIA CCS '16 Paper Acceptance Rate 73 of 350 submissions, 21%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
257
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)3

Reflects downloads up to 26 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Li XWu DDuan HLi Q(2024)DNSBomb: A New Practical-and-Powerful Pulsing DoS Attack Exploiting DNS Queries-and-Responses2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00264(4478-4496)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00264
Gu XWang QLiu JWei J(2024)Grunt Attack: Exploiting Execution Dependencies in Microservices2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58291.2024.00025(115-128)Online publication date: 24-Jun-2024
https://doi.org/10.1109/DSN58291.2024.00025
Bocu RIavich M(2024)Enhanced detection of low-rate DDoS attack patterns using machine learning modelsJournal of Network and Computer Applications10.1016/j.jnca.2024.103903227(103903)Online publication date: Jul-2024
https://doi.org/10.1016/j.jnca.2024.103903
Shi LLi JSisodia DZhang MDainotti AReiher P(2024)DDoS Mitigation Dilemma Exposed: A Two-Wave Attack with Collateral Damage of MillionsSecurity and Privacy in Communication Networks10.1007/978-3-031-64954-7_2(25-44)Online publication date: 15-Oct-2024
https://doi.org/10.1007/978-3-031-64954-7_2
Lu TDing XShang JZhao PZhang H(2024)DoSat: A DDoS Attack on the Vulnerable Time-Varying Topology of LEO Satellite NetworksApplied Cryptography and Network Security10.1007/978-3-031-54773-7_11(265-282)Online publication date: 29-Feb-2024
https://doi.org/10.1007/978-3-031-54773-7_11
Shi LLi JZhang MReiher P(2022)On Capturing DDoS Traffic Footprints on the InternetIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.307408619:4(2755-2770)Online publication date: 1-Jul-2022
https://doi.org/10.1109/TDSC.2021.3074086
Rios VInacio PMagoni DFreire M(2022)Detection and Mitigation of Low-Rate Denial-of-Service Attacks: A SurveyIEEE Access10.1109/ACCESS.2022.319143010(76648-76668)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3191430
Fang KYan GMayrhofer RRoland M(2020)Paging storm attacks against 4G/LTE networks from regional Android botnetsProceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3395351.3399347(295-305)Online publication date: 8-Jul-2020
https://dl.acm.org/doi/10.1145/3395351.3399347
Cao PWu YBanerjee SAzoff JWithers AKalbarczyk ZIyer RLorch JYu M(2019)CAUDITProceedings of the 16th USENIX Conference on Networked Systems Design and Implementation10.5555/3323234.3323288(667-682)Online publication date: 26-Feb-2019
https://dl.acm.org/doi/10.5555/3323234.3323288
Tran MKang MHsiao HChiang WTung SWang Y(2019)On the Feasibility of Rerouting-Based DDoS Defenses2019 IEEE Symposium on Security and Privacy (SP)10.1109/SP.2019.00055(1169-1184)Online publication date: May-2019
https://doi.org/10.1109/SP.2019.00055
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents