Aggregate-Based Congestion Control for Pulse-Wave DDoS Defense
dc.contributor.author
Gran Alcoz, Albert
dc.contributor.author
Strohmeier, Martin
dc.contributor.author
Lenders, Vincent
dc.contributor.author
Vanbever, Laurent
dc.date.accessioned
2022-10-03T09:28:30Z
dc.date.available
2022-10-03T09:28:30Z
dc.date.issued
2022-08
dc.identifier.isbn
978-1-4503-9420-8
en_US
dc.identifier.other
10.1145/3544216.3544263
en_US
dc.identifier.uri
http://hdl.handle.net/20.500.11850/573969
dc.description.abstract
Pulse-wave DDoS attacks are a new type of volumetric attack formed by short, high-rate traffic pulses. Such attacks target the Achilles' heel of state-of-The-Art DDoS defenses: Their reaction time. By continuously adapting their attack vectors, pulse-wave attacks manage to render existing defenses ineffective. In this paper, we leverage programmable switches to build an in-network DDoS defense effective against pulse-wave attacks. To do so, we revisit Aggregate-based Congestion Control (ACC): A mechanism proposed two decades ago to manage congestion events caused by high-bandwidth traffic aggregates. While ACC proved efficient in inferring and controlling DDoS attacks, it cannot keep up with the speed requirements of pulse-wave attacks. We propose ACC-Turbo, a renewed version of ACC that infers attack patterns by applying online-clustering techniques in the network and mitigates them by leveraging programmable packet scheduling. By doing so, ACC-Turbo identifies attacks at line rate and in real-Time, and rate-limits attack traffic on a per-packet basis. We fully implement ACC-Turbo in P4 and evaluate it on a wide range of attack scenarios. Our evaluation shows that ACC-Turbo autonomously identifies DDoS attack vectors in an unsupervised manner and rapidly mitigates pulse-wave DDoS attacks. We also show that ACC-Turbo runs on existing hardware (Intel Tofino).
en_US
dc.language.iso
en
en_US
dc.publisher
Association for Computing Machinery
en_US
dc.subject
Network Security
en_US
dc.subject
DDoS
en_US
dc.subject
Pulse-Wave DDoS
en_US
dc.subject
ACC
en_US
dc.subject
Aggregate-Based Congestion Control
en_US
dc.subject
Programmable Scheduling
en_US
dc.subject
Network Defenses
en_US
dc.title
Aggregate-Based Congestion Control for Pulse-Wave DDoS Defense
en_US
dc.type
Conference Paper
dc.date.published
2022-08-22
ethz.book.title
SIGCOMM '22: Proceedings of the ACM SIGCOMM 2022 Conference
en_US
ethz.pages.start
693
en_US
ethz.pages.end
706
en_US
ethz.event
36th ACM SiGCOMM Conference (SIGCOMM 2022)
en_US
ethz.event.location
Amsterdam, Netherlands
en_US
ethz.event.date
August 22-26, 2022
en_US
ethz.notes
Conference lecture on August 26, 2022
en_US
ethz.identifier.wos
ethz.identifier.scopus
ethz.publication.place
New York, NY
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02140 - Dep. Inf.technologie und Elektrotechnik / Dep. of Inform.Technol. Electrical Eng.::02640 - Inst. f. Technische Informatik und Komm. / Computer Eng. and Networks Lab.::09477 - Vanbever, Laurent / Vanbever, Laurent
en_US
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02140 - Dep. Inf.technologie und Elektrotechnik / Dep. of Inform.Technol. Electrical Eng.::02640 - Inst. f. Technische Informatik und Komm. / Computer Eng. and Networks Lab.::09477 - Vanbever, Laurent / Vanbever, Laurent
en_US
ethz.date.deposited
2022-07-19T07:12:03Z
ethz.source
SCOPUS
ethz.source
FORM
ethz.eth
yes
en_US
ethz.availability
Metadata only
en_US
ethz.rosetta.installDate
2022-10-03T09:28:36Z
ethz.rosetta.lastUpdated
2023-02-07T06:54:40Z
ethz.rosetta.versionExported
true
dc.identifier.olduri
http://hdl.handle.net/20.500.11850/572975
dc.identifier.olduri
http://hdl.handle.net/20.500.11850/558662
ethz.COinS
ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=Aggregate-Based%20Congestion%20Control%20for%20Pulse-Wave%20DDoS%20Defense&rft.date=2022-08&rft.spage=693&rft.epage=706&rft.au=Gran%20Alcoz,%20Albert&Strohmeier,%20Martin&Lenders,%20Vincent&Vanbever,%20Laurent&rft.isbn=978-1-4503-9420-8&rft.genre=proceeding&rft_id=info:doi/10.1145/3544216.3544263&rft.btitle=SIGCOMM%20'22:%20Proceedings%20of%20the%20ACM%20SIGCOMM%202022%20Conference
Files in this item
Files | Size | Format | Open in viewer |
---|---|---|---|
There are no files associated with this item. |
Publication type
-
Conference Paper [36595]