DOI: 10.1145/2535372.2535398
research-article

CoDef: collaborative defense against large-scale link-flooding attacks

Published: 09 December 2013 Publication History

Abstract

Large-scale botnet attacks against Internet links using low-rate flows cannot be effectively countered by any of the traditional rate-limiting and flow-filtering mechanisms deployed in individual routers. In this paper, we present a collaborative defense mechanism, called CoDef, which enables routers to distinguish low-rate attack flows from legitimate flows, and protect legitimate traffic during botnet attacks. CoDef enables autonomous domains that are uncontaminated by bots to collaborate during link flooding attacks and reroute their customers' legitimate traffic in response to requests from congested routers. Collaborative defense using multi-path routing favors legitimate traffic while limiting the bandwidth available to attack traffic at a congested link. We present CoDef's design and evaluate its effectiveness by exploring the domain-level path-diversity of the Internet and performing simulations under various traffic conditions.



      Published In

      CoNEXT '13: Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
      December 2013
      454 pages
      ISBN:9781450321013
      DOI:10.1145/2535372

      Publisher

      Association for Computing Machinery

      New York, NY, United States


      Author Tags

      1. bandwidth guarantees
      2. collaborative defense
      3. ddos defense
      4. link-flooding attack
      5. rerouting

      Qualifiers

      • Research-article

      Conference

      CoNEXT '13
      CoNEXT '13: Conference on emerging Networking Experiments and Technologies
      December 9 - 12, 2013
      California, Santa Barbara, USA

      Acceptance Rates

      CoNEXT '13 Paper Acceptance Rate 44 of 226 submissions, 19%;
      Overall Acceptance Rate 198 of 789 submissions, 25%

      Cited By

      • (2024) Credible Link Flooding Attack Detection and Mitigation: A Blockchain-Based Approach. IEEE Transactions on Network and Service Management 21:3 (3537-3554). DOI: 10.1109/TNSM.2024.3357660. Online publication date: Jun-2024
      • (2024) DoSat: A DDoS Attack on the Vulnerable Time-Varying Topology of LEO Satellite Networks. Applied Cryptography and Network Security (265-282). DOI: 10.1007/978-3-031-54773-7_11. Online publication date: 29-Feb-2024
      • (2023) Differential Pricing Strategies for Bandwidth Allocation With LFA Resilience: A Stackelberg Game Approach. IEEE Transactions on Information Forensics and Security 18 (4899-4914). DOI: 10.1109/TIFS.2023.3299181. Online publication date: 2023
      • (2023) Mew: Enabling Large-Scale and Dynamic Link-Flooding Defenses on Programmable Switches. 2023 IEEE Symposium on Security and Privacy (SP) (3178-3192). DOI: 10.1109/SP46215.2023.10179404. Online publication date: May-2023
      • (2023) Autonomous Cyber Defense Against Dynamic Multi-strategy Infrastructural DDoS Attacks. 2023 IEEE Conference on Communications and Network Security (CNS) (1-9). DOI: 10.1109/CNS59707.2023.10288937. Online publication date: 2-Oct-2023
      • (2023) A comprehensive survey on low-rate and high-rate DDoS defense approaches in SDN: taxonomy, research challenges, and opportunities. Multimedia Tools and Applications 83:12 (35253-35306). DOI: 10.1007/s11042-023-16781-0. Online publication date: 29-Sep-2023
      • (2022) STOP: A Service Oriented Internet Purification Against Link Flooding Attacks. IEEE Transactions on Information Forensics and Security 17 (938-953). DOI: 10.1109/TIFS.2022.3152406. Online publication date: 2022
      • (2022) RL-Shield: Mitigating Target Link-Flooding Attacks Using SDN and Deep Reinforcement Learning Routing Algorithm. IEEE Transactions on Dependable and Secure Computing 19:6 (4052-4067). DOI: 10.1109/TDSC.2021.3118081. Online publication date: 1-Nov-2022
      • (2021) Colibri. Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies (104-118). DOI: 10.1145/3485983.3494871. Online publication date: 2-Dec-2021
      • (2021) Practical Speech Re-use Prevention in Voice-driven Services. Proceedings of the 24th International Symposium on Research in Attacks, Intrusions and Defenses (282-295). DOI: 10.1145/3471621.3471855. Online publication date: 6-Oct-2021
