MCA2: Multi-core architecture for mitigating complexity attacks

Yehuda Afek*, Anat Bremler-Barr, Yotam Harchol, David Hay, Yaron Koral

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

Abstract

This paper takes advantage of the emerging multi-core computer architecture to design a general framework for mitigating network-based complexity attacks. In complexity attacks, an attacker carefully crafts "heavy" messages (or packets) such that each heavy message consumes substantially more resources than a normal message. Then, it sends a sufficient number of heavy messages to bring the system to a crawl at best. In our architecture, called MCA2 - Multi-Core Architecture for Mitigating Complexity Attacks - cores quickly identify such suspicious messages and divert them to a fraction of the cores that are dedicated to handle all the heavy messages. This keeps the rest of the cores relatively unaffected and free to provide the legitimate traffic the same quality of service as if no attack takes place. We demonstrate the effectiveness of our architecture by examining cache-miss complexity attacks against Deep Packet Inspection (DPI) engines. For example, for Snort DPI engine, an attack in which 30% of the packets are malicious degrades the system throughput by over 50%, while with MCA2 the throughput drops by either 20% when no packets are dropped or by 10% in case dropping of heavy packets is allowed. At 60% malicious packets, the corresponding numbers are 70%, 40% and 23%.

Original language: English
Title of host publication: ANCS 2012 - Proceedings of the 8th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Pages: 235-246
Number of pages: 12
State: Published - 2012
Event: 8th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2012 - Austin, TX, United States
Duration: 29 Oct 2012 to 30 Oct 2012

Publication series

Name: ANCS 2012 - Proceedings of the 8th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

Conference

Conference: 8th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2012
Country/Territory: United States
City: Austin, TX
Period: 29/10/12 to 30/10/12

Keywords

  • DDOS
  • complexity attack
  • intrusion detection
  • multi-core
