We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR

Change to browse by:

cs

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Mitigating Low-volume DoS Attacks with Data-driven Resource Accounting

Abstract: Low-volume Denial-of-Service ({\mu}DoS) attacks have been demonstrated to fundamentally bypass traditional DoS mitigation schemes based on the flow and volume of network packets. In this paper, we propose a data-driven approach, called ROKI, that accurately tracks internal resource utilization and allocation associated with each packet (or session), making it possible to tame resource exhaustion caused by {\mu}DoS attacks. Since ROKI focuses on capturing the symptom of DoS, it can effectively mitigate previously unknown {\mu}DoS attacks. To enable a finer-grain resource tracking, ROKI provided in concept the accounting capabilities to each packet itself, so we called data-driven: it monitors resource utilization at the link, network, transport layers in the kernel, as well as application layers, and attributes back to the associated packet. Given the resource usages of each packet, ROKI can reclaim (or prevent) the system resources from malicious packets (or attackers) whenever it encounters system-wide resource exhaustion. To provide lightweight resource tracking, ROKI carefully multiplexes hardware performance counters whenever necessary. Our evaluation shows that ROKI's approach is indeed effective in mitigating real-world {\mu}DoS attacks with negligible performance overheads - incurring 3%-4% throughput and latency overheads on average when the system is throttled.
Subjects: Cryptography and Security (cs.CR)
ACM classes: D.4.6
Cite as: arXiv:2205.00056 [cs.CR]
  (or arXiv:2205.00056v1 [cs.CR] for this version)

Submission history

From: ChangSeok Oh [view email]
[v1] Fri, 29 Apr 2022 19:34:03 GMT (6864kb,D)

Link back to: arXiv, form interface, contact.