While distributed denial-of-service (DDoS) attacks are easy to launch and are becoming more damaging, the defense against DDoS attacks often suffers from the lack of relevant knowledge of the DDoS traffic, including the paths the DDoS traffic has used, the source addresses (spoofed or not) that appear along each path, and the amount of traffic per path or per source. Though IP traceback and path inference approaches could be considered, they are either expensive and hard to deploy or inaccurate. We propose PathFinder, a service that a DDoS defense system can use to obtain the footprints of the DDoS traffic to the victim as is. It introduces a PFTrie data structure with multiple design features to log traffic at line rate, and is easy to implement and deploy on today’s Internet. We show that PathFinder can significantly improve the efficacy of a DDoS defense system, while PathFinder itself is fast and has a manageable overhead, as shown in the evaluations via both synthetic and real-world DDoS traces.
In IFIP 2018,
Disruptive events, such as large-scale power outages, undersea cable cuts, or security attacks, could have an impact on the Internet and cause the Internet to deviate from its normal state of operation, which we also refer to as an “Internet earthquake.” As the Internet is a large, complex moving target, unfortunately little research has been done to define, observe, quantify, and analyze such impact on the Internet, whether it is during a past event period or in real time. In this paper, we devise an Internet seismograph, or I-seismograph, to fill this gap. Since routing is the most basic function of the Internet and the Border Gateway Protocol (BGP) is the de facto standard inter-domain routing protocol, we focus on BGP to observe, measure, and analyze the Internet earthquakes. After defining what an impact to BGP entails, we describe how I-seismograph observes and measures the impact, exemplify its usage during both old and recent disruptive events, and further validate its accuracy and convergency. Finally, we show that I-seismograph can further be used to help analyze what happened to BGP while BGP experienced an impact, including which autonomous systems (AS) were affected most or which AS paths or path segments surged significantly in BGP updates during an Internet earthquake.
In IEEE/ACM ToN,
End hosts in today’s Internet have the best knowledge of the type of traffic they should receive, but they play no active role in traffic engineering. Traffic engineering is conducted by ISPs, which unfortunately are blind to specific user needs. End hosts are therefore subject to unwanted traffic, particularly from Distributed Denial of Service (DDoS) attacks. This research proposes a new system called DrawBridge to address this traffic engineering dilemma. By realizing the potential of software-defined networking (SDN), in this research we investigate a solution that enables end hosts to use their knowledge of desired traffic to improve traffic engineering during DDoS attacks.
In ACM CCR,