Non-traditional DDoS Attacks and Defenses

Min Suk Kang, Carnegie Mellon University
Host: Abhishek Jain

Today’s Internet has serious security problems. Of particular concern are distributed denial-of-service (DDoS) attacks, which coordinate large numbers of compromised machines to make a service unavailable to other users. DDoS attacks are a constant security threat, with over 20,000 DDoS attacks occurring globally every day. They cause tremendous damage to businesses and have catastrophic consequences for national security. In particular, over the past few years, adversaries have started to turn their attention from traditional targets (e.g., end-point servers) to non-traditional ones (e.g., ISP backbone links) to cause a much larger attack impact.

In this presentation, I will review recent results regarding non-traditional DDoS attacks and potential defense mechanisms. First, I will review a non-traditional type of link-flooding attack, called the Crossfire attack, which targets and floods a set of network links in core Internet infrastructure, such as backbone links in large ISP networks. Using Internet-scale measurements and simulations, I will show that the attack can cause huge connectivity losses to cities, states, or even countries for hours or even days. Second, I will introduce the notion of routing bottlenecks, or small sets of network links that carry the vast majority of Internet routes, and show that they are a fundamental property of Internet design; i.e., they are a consequence of route-cost minimizations. I will also illustrate the pervasiveness of routing bottlenecks around the world, and measure their susceptibility to the Crossfire attack. Finally, I will explore the possibility of building a practical defense mechanism that effectively removes the advantages of DDoS adversaries and deters them from launching attacks. The proposed defense mechanism utilizes a software-defined networking (SDN) architecture to protect large ISP networks from non-traditional DDoS attacks.

Speaker Biography

Min Suk Kang is a Ph.D. candidate in Electrical and Computer Engineering (ECE) at Carnegie Mellon University. He is advised by Virgil D. Gligor in CyLab. Before he joined Carnegie Mellon, he worked as a researcher as part of Korean military duty at the Department of Information Technology at KAIST Institute. He received B.S. and M.S. degrees in Electrical Engineering and Computer Science (EECS) at Korea Advanced Institute of Science and Technology (KAIST) in 2006 and 2008, respectively. His research interests include network and distributed system security, wireless network security, and Internet user privacy.