@inproceedings{2e722fcd382a44aa9cda9615fe5f7c25,
title = "Timing is Almost Everything: Realistic Evaluation of the Very Short Intermittent DDoS Attacks",
abstract = "Distributed Denial-of-Service (DDoS) is a big threat to the security and stability of Internet-based services today. Among the recent advanced application-layer DDoS attacks, the Very Short Intermittent DDoS (VSI-DDoS) is the attack, which can bypass existing detection systems and significantly degrade the QoS experienced by users of web services. However, in order for the VSI-DDoS attack to work effectively, bots participating in the attack should be tightly synchronized, an assumption that is difficult to be met in reality. In this paper, we conducted a quantitative analysis to understand how a minimal deviation from perfect synchronization in botnets affects the performance and effectiveness of the VSI-DDoS attack. We found that VSI-DDoS became substantially less effective. That is, it lost 85.7% in terms of effectiveness under about 90ms synchronization inaccuracy, which is a very small inaccuracy under normal network conditions.",
keywords = "DDoS, evaluation, time synchronization",
author = "Jeman Park and Daehun Nyang and Aziz Mohaisen",
note = "Funding Information: In this paper, we analyzed the impact of loose bots synchronization on the impact of VSI-DDoS, an advanced application-layer DDoS attack that is capable of bypassing existing defenses. Through the preliminary experiment, we fixed the six degrees of synchronization of the botnet and apply it to quantitatively evaluate the effect of the actual vsi attack. As a result, we demonstrate that even a moderate imperfections in bots time synchronization would degrade the impact of the VSI-DDoS attack, and pronounce it ineffective. Specifically, the effect of the VSI-DDoS attack at realistic synchronization level seems to make adversary{\textquoteright}s goal difficult to be achieved. Mitigation to our main finding is possible, although it can creates a clear trade-off between the attack, its cost, and detection. In the future, we will theoretically and empirically explore analyzing the effort of the adversary to make the VSI-DDoS attack successful, including the minimum number of bots needed for such intensities in real world. Acknowledgement. This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757. Funding Information: This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757. Publisher Copyright: {\textcopyright} 2018 IEEE.; null ; Conference date: 28-08-2018 Through 30-08-2018",
year = "2018",
month = oct,
day = "29",
doi = "10.1109/PST.2018.8514210",
language = "English",
series = "2018 16th Annual Conference on Privacy, Security and Trust, PST 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
editor = "Deng, {Robert H.} and Stephen Marsh and Jason Nurse and Rongxing Lu and Sakir Sezer and Paul Miller and Liqun Chen and Kieran McLaughlin and Ali Ghorbani",
booktitle = "2018 16th Annual Conference on Privacy, Security and Trust, PST 2018",
}