Evaluating the vulnerability of network mechanisms to sophisticated DDoS attacks

Udi Ben-Porat*, Anat Bremler-Barr, Hanoch Levy

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

The design of computer and communication systems has been based, for decades, on the fundamental assumption that the objective of all users is to improve their own performance. In recent years we have experienced a wave of DDoS attacks threatening the welfare of the internet. These are launched by malicious users whose pure incentive is to degrade the performance of other, innocent, users. The traditional systems turn out to be quite vulnerable to these attacks. The objective of this work is to take a first step to close this fundamental gap, aiming at laying a foundation that can be used in future computer/network designs taking into account the malicious users. Our approach is based on proposing a metric that evaluates the vulnerability of a system. We then evaluate the commonly used data structure in network mechanisms, the hash data structure, using our vulnerability metric. We show that a Closed Hash is much more vulnerable than an Open Hash to DDoS attacks, even though the two systems are considered to be equivalent via traditional performance evaluation. We also apply the metric to queueing mechanisms common to computer and communications systems. Lastly we apply it to the practical case of a hash table whose requests are controlled by a queue, showing that even after the attack has ended, the regular users still suffer from performance degradation or even a total denial of service.

Original languageEnglish
Title of host publicationINFOCOM 2008
Subtitle of host publication27th IEEE Communications Society Conference on Computer Communications
Pages266-270
Number of pages5
DOIs
StatePublished - 2008
EventINFOCOM 2008: 27th IEEE Communications Society Conference on Computer Communications - Phoenix, AZ, United States
Duration: 13 Apr 200818 Apr 2008

Publication series

NameProceedings - IEEE INFOCOM
ISSN (Print)0743-166X

Conference

ConferenceINFOCOM 2008: 27th IEEE Communications Society Conference on Computer Communications
Country/TerritoryUnited States
CityPhoenix, AZ
Period13/04/0818/04/08

Fingerprint

Dive into the research topics of 'Evaluating the vulnerability of network mechanisms to sophisticated DDoS attacks'. Together they form a unique fingerprint.

Cite this