Aggregate-Based Congestion Control for Pulse-Wave DDoS Defense

Authors: Albert Gran Alcoz, Martin Strohmeier, Vincent Lenders, and Laurent Vanbever
SIGCOMM '22: Proceedings of the ACM SIGCOMM 2022 Conference

Abstract

Pulse-wave DDoS attacks are a new type of volumetric attack formed by short, high-rate traffic pulses. Such attacks target the Achilles' heel of state-of-the-art DDoS defenses: their reaction time. By continuously adapting their attack vectors, pulse-wave attacks manage to render existing defenses ineffective. In this paper, we leverage programmable switches to build an in-network DDoS defense effective against pulse-wave attacks. To do so, we revisit Aggregate-based Congestion Control (ACC): a mechanism proposed two decades ago to manage congestion events caused by high-bandwidth traffic aggregates. While ACC proved efficient in inferring and controlling DDoS attacks, it cannot keep up with the speed requirements of pulse-wave attacks. We propose ACC-Turbo, a renewed version of ACC that infers attack patterns by applying online-clustering techniques in the network and mitigates them by leveraging programmable packet scheduling. By doing so, ACC-Turbo identifies attacks at line rate and in real time, and rate-limits attack traffic on a per-packet basis. We fully implement ACC-Turbo in P4 and evaluate it on a wide range of attack scenarios. Our evaluation shows that ACC-Turbo autonomously identifies DDoS attack vectors in an unsupervised manner and rapidly mitigates pulse-wave DDoS attacks. We also show that ACC-Turbo runs on existing hardware (Intel Tofino).

Research Areas: Data-Driven Networking, Network Programmability and Network Security

BibTeX

@inproceedings{alcoz2022aggregate-based,
	isbn = {978-1-4503-9420-8},
	doi = {10.1145/3544216.3544263},
	year = {2022},
	month = aug,
	booktitle = {SIGCOMM '22: Proceedings of the ACM SIGCOMM 2022 Conference},
	type = {Conference Paper},
	author = {Gran Alcoz, Albert and Strohmeier, Martin and Lenders, Vincent and Vanbever, Laurent},
	abstract = {Pulse-wave DDoS attacks are a new type of volumetric attack formed by short, high-rate traffic pulses. Such attacks target the Achilles' heel of state-of-the-art DDoS defenses: their reaction time. By continuously adapting their attack vectors, pulse-wave attacks manage to render existing defenses ineffective. In this paper, we leverage programmable switches to build an in-network DDoS defense effective against pulse-wave attacks. To do so, we revisit Aggregate-based Congestion Control (ACC): a mechanism proposed two decades ago to manage congestion events caused by high-bandwidth traffic aggregates. While ACC proved efficient in inferring and controlling DDoS attacks, it cannot keep up with the speed requirements of pulse-wave attacks. We propose ACC-Turbo, a renewed version of ACC that infers attack patterns by applying online-clustering techniques in the network and mitigates them by leveraging programmable packet scheduling. By doing so, ACC-Turbo identifies attacks at line rate and in real time, and rate-limits attack traffic on a per-packet basis. We fully implement ACC-Turbo in P4 and evaluate it on a wide range of attack scenarios. Our evaluation shows that ACC-Turbo autonomously identifies DDoS attack vectors in an unsupervised manner and rapidly mitigates pulse-wave DDoS attacks. We also show that ACC-Turbo runs on existing hardware (Intel Tofino).},
	keywords = {Network Security; DDoS; Pulse-Wave DDoS; ACC; Aggregate-Based Congestion Control; Programmable Scheduling; Network Defenses},
	language = {en},
	address = {New York, NY},
	publisher = {Association for Computing Machinery},
	title = {Aggregate-Based Congestion Control for Pulse-Wave DDoS Defense},
	pages = {693--706},
	note = {36th ACM SIGCOMM Conference (SIGCOMM 2022); Conference Location: Amsterdam, Netherlands; Conference Date: August 22-26, 2022; Conference lecture on August 26, 2022}
}

Research Collection: 20.500.11850/573969

Slide Sources: https://gitlab.ethz.ch/projects/40919