03-11-2012, 02:22 PM
Kill-Bots: Surviving DDoS Attacks That Mimic Legitimate Browsing
CyberSlam Attacks Happen!
Instances of CyberSlam
First FBI DDoS Case – Hired professionals hit competitor
Mafia extorts online gaming sites …
Code Red Worm
Why CyberSlam?
Avoid detection by NIDS & firewalls
High pay-off by targeting expensive resources
E.g., CPU, DB, Disk, processes, sockets
Large botnets are available
Threat Model
In scope
Attacks on higher layer bottlenecks, e.g., CPU, Memory, Database, Disk, processes, …
Attacks that fool the server into congesting its own uplink bandwidth
Mutating attacks
Outside the scope
Flooding server’s downlink (prior work)
Live-lock in the device driver
Kill-Bots’ Contributions
First to protect against CyberSlam
Solves problems with CAPTCHAs:
Cheap stateless authentication
Serves legitimate users who don’t answer CAPTCHAs
Optimal balance between authentication & service
Improves performance during Flash Crowds
Order of magnitude improvement in goodput & response time
First to protect Web servers from DDoS attacks that mimic legitimate browsing
First to deal with CAPTCHA’s bias against legitimate users who don’t solve them
Sends CAPTCHA and checks answer without any server state
Addresses both DDoS attacks and Flash Crowds
Orders of magnitude better response time, goodput, and survivable attack rate
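
One way a server can send a CAPTCHA and check the answer without keeping any per-client state, shown as an added example that is not taken from the Kill-Bots slides or its authors' code. The token layout, the function names, the 240-second lifetime and the binding to the client IP are all assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import struct
import time

SERVER_KEY = os.urandom(32)   # server-wide secret; generated here for the example
TOKEN_LIFETIME = 240          # seconds a challenge stays valid (assumed value)
NONCE_LEN, TS_LEN, TAG_LEN = 16, 8, 32


def _mac(answer: str, nonce: bytes, issued: int, client_ip: str) -> bytes:
    """Keyed MAC over length-prefixed fields so field boundaries are unambiguous."""
    fields = [nonce, struct.pack(">Q", issued), client_ip.encode(),
              answer.strip().lower().encode()]
    msg = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def issue_challenge(answer: str, client_ip: str, now=None) -> str:
    """Build the opaque token sent with the CAPTCHA image; nothing is stored."""
    issued = int(time.time() if now is None else now)
    nonce = os.urandom(NONCE_LEN)
    tag = _mac(answer, nonce, issued, client_ip)
    return (nonce + struct.pack(">Q", issued) + tag).hex()


def check_answer(token: str, answer: str, client_ip: str, now=None) -> bool:
    """Recompute the MAC from the submitted answer; valid only if it matches."""
    now = int(time.time() if now is None else now)
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return False
    if len(raw) != NONCE_LEN + TS_LEN + TAG_LEN:
        return False
    nonce = raw[:NONCE_LEN]
    issued = struct.unpack(">Q", raw[NONCE_LEN:NONCE_LEN + TS_LEN])[0]
    tag = raw[NONCE_LEN + TS_LEN:]
    if not 0 <= now - issued <= TOKEN_LIFETIME:
        return False              # expired, or timestamp from the future
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(tag, _mac(answer, nonce, issued, client_ip))


if __name__ == "__main__":
    t = issue_challenge("x7Kq9", "203.0.113.5")        # constructed sample values
    print(check_answer(t, "x7kq9", "203.0.113.5"))
```

Because the server keeps no record of issued tokens, a solved token can be replayed from the same address until it expires; the lifetime is what bounds that window.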