Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, Scott Shenker
ACM SIGCOMM 2006, Pisa, Italy, September 2006
This paper presents the design, implementation, analysis, and experimental
evaluation of speak-up, a defense against application-level distributed
denial-of-service (DDoS), in which attackers cripple a server by
sending legitimate-looking requests that consume computational resources
(e.g., CPU cycles, disk). With speak-up, a victimized server encourages all
clients, resources permitting, to automatically send higher volumes of
traffic. We suppose that attackers are already using most of their upload
bandwidth so cannot react to the encouragement. Good clients, however, have
spare upload bandwidth and will react to the encouragement with drastically
higher volumes of traffic. The intended outcome of this traffic inflation is
that the good clients crowd out the bad ones, thereby capturing a much larger
fraction of the server's resources than before. We experiment under various
conditions and find that speak-up causes the server to spend resources on a
group of clients in rough proportion to their aggregate upload bandwidth. This
result makes the defense viable and effective for a class of real attacks.
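The bandwidth-proportional outcome described in the abstract, as an added simulation that is not code from the paper or its authors. The client counts, rates, server capacity and the admission rule (the clients that have delivered the most traffic since they were last served win the next slots) are constructed assumptions of this sketch.

```python
# Simplified model (assumption): traffic is counted in abstract units per tick.
# Each client is (natural_rate, upload_bandwidth); values below are constructed.
GOOD = [(1, 4)] * 10   # good clients normally use a quarter of their uplink
BAD = [(4, 4)] * 10    # attackers already saturate their uplink


def good_share(good, bad, capacity, ticks, speak_up):
    """Return the fraction of served requests that went to good clients."""
    # Attackers always send at full bandwidth and cannot send more.
    # Good clients send at full bandwidth only when encouraged (speak_up).
    clients = [(bw if speak_up else nat, True) for nat, bw in good]
    clients += [(bw, False) for _, bw in bad]
    balance = [0] * len(clients)   # traffic delivered since last service
    served_good = served_total = 0
    for _ in range(ticks):
        for i, (rate, _) in enumerate(clients):
            balance[i] += rate
        # Assumed admission rule: the `capacity` largest balances are served
        # this tick, and each winner's balance resets to zero.
        order = sorted(range(len(clients)),
                       key=lambda i: balance[i], reverse=True)
        for i in order[:capacity]:
            balance[i] = 0
            served_total += 1
            if clients[i][1]:
                served_good += 1
    return served_good / served_total


if __name__ == "__main__":
    for flag in (False, True):
        share = good_share(GOOD, BAD, capacity=2, ticks=1000, speak_up=flag)
        print(f"speak_up={flag}: good clients get {share:.1%} of the server")
```

In this model the good clients hold half of the aggregate upload bandwidth, so their share of the server rises from roughly their share of the sent traffic to half once they are encouraged to send at full rate.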
Bibtex Entry:
@inproceedings{walfish2006ddos,
  author = "Michael Walfish and Mythili Vutukuru and Hari Balakrishnan and David Karger and Scott Shenker",
  title = "{DDoS Defense by Offense}",
  booktitle = {ACM SIGCOMM 2006},
  year = {2006},
  month = {September},
  address = {Pisa, Italy}
}