Reduction of Quality (RoQ) Attacks on Dynamic Load Balancers: Vulnerability Assessment and Design Tradeoffs

One key adaptation mechanism often deployed in networking and computing systems is dynamic load balancing. The goal of employing dynamic load balancers is to ensure that the offered load is judiciously distributed across resources to optimize overall performance. To that end, this paper discovers and studies new instances of Reduction of Quality (RoQ) attacks that target the dynamic operation of load balancers. Our exposition is focused on a number of load balancing policies that are either employed in current commercial products or have been proposed in the literature for future deployment. Through queuing theory analysis, numerical solutions, simulations and Internet experiments, we are able to assess the impact of RoQ attacks through the potency metric. We identify the key factors, such as feedback delay and averaging parameters, that expose the trade-offs between resilience and susceptibility to RoQ attacks. These factors could be used to harden load balancers against RoQ attacks. To the best of our knowledge, this work is the first to study adversarial exploits on the dynamic operation of load balancers.
