Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds

Authors: Dina Katabi, Srikanth Kandula, Matthias Jacob, Arthur Berger

DOI: 10.5555/1251203.1251224

Keywords:

Abstract: Recent denial of service attacks are mounted by professionals using Botnets of tens of thousands of compromised machines. To circumvent detection, attackers are increasingly moving away from bandwidth floods to attacks that mimic the Web browsing behavior of a large number of clients, and target expensive higher-layer resources such as CPU, database and disk bandwidth. The resulting attacks are hard to defend against using standard techniques, as the malicious requests differ from the legitimate ones in intent but not in content. We present the design and implementation of Kill-Bots, a kernel extension to protect Web servers against DDoS attacks that masquerade as flash crowds. Kill-Bots provides authentication using graphical tests but is different from other systems that use graphical tests. First, Kill-Bots uses an intermediate stage to identify the IP addresses that ignore the test, and persistently bombard the server with requests despite repeated failures at solving the tests. These machines are bots because their intent is to congest the server. Once these machines are identified, Kill-Bots blocks their requests, turns the graphical tests off, and allows access to legitimate users who are unable or unwilling to solve graphical tests. Second, Kill-Bots sends a test and checks the client's answer without allowing unauthenticated clients access to sockets, TCBs, and worker processes. Thus, it protects the authentication mechanism from being DDoSed. Third, Kill-Bots combines authentication with admission control. As a result, it improves performance, regardless of whether the server overload is caused by DDoS or a true Flash Crowd.
