Towards the perfect DDoS aTTACK: The perfect storm

This paper proposes a novel model for instigating the “perfect” DDoS attack. Our model uses a combination of network feedback and coordination of attack rates and protocols to achieve a high level of service deniability and low detectability. We demonstrate via extensive simulations that our attack model achieves a higher impact as compared to the Shrew and the RoQ (Reduction of Quality) attacks while the detectability is low. The model adopts botnets in executing/realizing the perfect storm/attack in a real network. We show that executing the attack is not difficult at all. We then briefly describe failures of recent and most relevant detection approaches in mitigating these attacks. The failures of these schemes demonstrate low detectability of our proposed “perfect storm”.

[1]  Nirwan Ansari,et al.  Low rate TCP denial-of-service attack detection at edge routers , 2005, IEEE Communications Letters.

[2]  David K. Y. Yau,et al.  Defending against low-rate TCP attacks: dynamic detection and protection , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[3]  Sandeep K. Gupta,et al.  TCP vs. TCP: a systematic study of adverse impact of short-lived TCP flows on long-lived TCP flows , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[4]  Richard G. Baraniuk,et al.  pathChirp: Efficient available bandwidth estimation for network paths , 2003 .

[5]  Ratul Mahajan,et al.  Controlling high bandwidth aggregates in the network , 2002, CCRV.

[6]  David Ott,et al.  Tuning RED for Web traffic , 2001, TNET.

[7]  Wenke Lee,et al.  Modeling Botnet Propagation Using Time Zones , 2006, NDSS.

[8]  Allan Kuchinsky,et al.  Integrating user-perceived quality into Web server design , 2000, Comput. Networks.

[9]  Srikanth Kandula,et al.  Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds , 2005, NSDI.

[10]  Jin Cao,et al.  Stochastic models for generating synthetic HTTP source traffic , 2004, IEEE INFOCOM 2004.

[11]  Mina Guirguis,et al.  Exploiting the transients of adaptation for RoQ attacks on Internet resources , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[12]  R. Srikant,et al.  An adaptive virtual queue (AVQ) algorithm for active queue management , 2004, IEEE/ACM Transactions on Networking.

[13]  Chase Cotton,et al.  Packet-level traffic measurements from the Sprint IP backbone , 2003, IEEE Netw..

[14]  Neil Daswani,et al.  The Anatomy of Clickbot.A , 2007, HotBots.