Distributed Denial-of-Service (DDoS) is a big threat to the security and stability of Internet-based services today. Among the recent advanced application-layer DDoS attacks, the Very Short Intermittent DDoS (VSI-DDoS) is the attack, which can bypass existing detection systems and significantly degrade the QoS experienced by users of web services. However, in order for the VSI-DDoS attack to work effectively, bots participating in the attack should be tightly synchronized, an assumption that is difficult to be met in reality. In this paper, we conducted a quantitative analysis to understand how a minimal deviation from perfect synchronization in botnets affects the performance and effectiveness of the VSI-DDoS attack. We found that VSI-DDoS became substantially less effective. That is, it lost 85.7% in terms of effectiveness under about 90ms synchronization inaccuracy, which is a very small inaccuracy under normal network conditions.
|Title of host publication||2018 16th Annual Conference on Privacy, Security and Trust, PST 2018|
|Editors||Robert H. Deng, Stephen Marsh, Jason Nurse, Rongxing Lu, Sakir Sezer, Paul Miller, Liqun Chen, Kieran McLaughlin, Ali Ghorbani|
|Publisher||Institute of Electrical and Electronics Engineers Inc.|
|State||Published - 29 Oct 2018|
|Event||16th Annual Conference on Privacy, Security and Trust, PST 2018 - Belfast, Northern Ireland, United Kingdom|
Duration: 28 Aug 2018 → 30 Aug 2018
|Name||2018 16th Annual Conference on Privacy, Security and Trust, PST 2018|
|Conference||16th Annual Conference on Privacy, Security and Trust, PST 2018|
|City||Belfast, Northern Ireland|
|Period||28/08/18 → 30/08/18|
Bibliographical noteFunding Information:
In this paper, we analyzed the impact of loose bots synchronization on the impact of VSI-DDoS, an advanced application-layer DDoS attack that is capable of bypassing existing defenses. Through the preliminary experiment, we fixed the six degrees of synchronization of the botnet and apply it to quantitatively evaluate the effect of the actual vsi attack. As a result, we demonstrate that even a moderate imperfections in bots time synchronization would degrade the impact of the VSI-DDoS attack, and pronounce it ineffective. Specifically, the effect of the VSI-DDoS attack at realistic synchronization level seems to make adversary’s goal difficult to be achieved. Mitigation to our main finding is possible, although it can creates a clear trade-off between the attack, its cost, and detection. In the future, we will theoretically and empirically explore analyzing the effort of the adversary to make the VSI-DDoS attack successful, including the minimum number of bots needed for such intensities in real world. Acknowledgement. This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757.
This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757.
© 2018 IEEE.
- time synchronization