Timing is Almost Everything: Realistic Evaluation of the Very Short Intermittent DDoS Attacks

Jeman Park; Daehun Nyang; Aziz Mohaisen

doi:10.1109/PST.2018.8514210

Timing is Almost Everything: Realistic Evaluation of the Very Short Intermittent DDoS Attacks

Jeman Park, Daehun Nyang, Aziz Mohaisen

Cyber Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

Distributed Denial-of-Service (DDoS) is a big threat to the security and stability of Internet-based services today. Among the recent advanced application-layer DDoS attacks, the Very Short Intermittent DDoS (VSI-DDoS) is the attack, which can bypass existing detection systems and significantly degrade the QoS experienced by users of web services. However, in order for the VSI-DDoS attack to work effectively, bots participating in the attack should be tightly synchronized, an assumption that is difficult to be met in reality. In this paper, we conducted a quantitative analysis to understand how a minimal deviation from perfect synchronization in botnets affects the performance and effectiveness of the VSI-DDoS attack. We found that VSI-DDoS became substantially less effective. That is, it lost 85.7% in terms of effectiveness under about 90ms synchronization inaccuracy, which is a very small inaccuracy under normal network conditions.

Original language	English
Title of host publication	2018 16th Annual Conference on Privacy, Security and Trust, PST 2018
Editors	Robert H. Deng, Stephen Marsh, Jason Nurse, Rongxing Lu, Sakir Sezer, Paul Miller, Liqun Chen, Kieran McLaughlin, Ali Ghorbani
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781538674932
DOIs	https://doi.org/10.1109/PST.2018.8514210
State	Published - 29 Oct 2018
Event	16th Annual Conference on Privacy, Security and Trust, PST 2018 - Belfast, Northern Ireland, United Kingdom Duration: 28 Aug 2018 → 30 Aug 2018

Publication series

Name	2018 16th Annual Conference on Privacy, Security and Trust, PST 2018

Conference

Conference	16th Annual Conference on Privacy, Security and Trust, PST 2018
Country/Territory	United Kingdom
City	Belfast, Northern Ireland
Period	28/08/18 → 30/08/18

Bibliographical note

Funding Information:
In this paper, we analyzed the impact of loose bots synchronization on the impact of VSI-DDoS, an advanced application-layer DDoS attack that is capable of bypassing existing defenses. Through the preliminary experiment, we fixed the six degrees of synchronization of the botnet and apply it to quantitatively evaluate the effect of the actual vsi attack. As a result, we demonstrate that even a moderate imperfections in bots time synchronization would degrade the impact of the VSI-DDoS attack, and pronounce it ineffective. Specifically, the effect of the VSI-DDoS attack at realistic synchronization level seems to make adversary’s goal difficult to be achieved. Mitigation to our main finding is possible, although it can creates a clear trade-off between the attack, its cost, and detection. In the future, we will theoretically and empirically explore analyzing the effort of the adversary to make the VSI-DDoS attack successful, including the minimum number of bots needed for such intensities in real world. Acknowledgement. This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757.

Funding Information:
This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757.

Publisher Copyright:
© 2018 IEEE.

Keywords

DDoS
evaluation
time synchronization

Access to Document

10.1109/PST.2018.8514210

Cite this

Park, J., Nyang, D., & Mohaisen, A. (2018). Timing is Almost Everything: Realistic Evaluation of the Very Short Intermittent DDoS Attacks. In R. H. Deng, S. Marsh, J. Nurse, R. Lu, S. Sezer, P. Miller, L. Chen, K. McLaughlin, & A. Ghorbani (Eds.), 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018 Article 8514210 (2018 16th Annual Conference on Privacy, Security and Trust, PST 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/PST.2018.8514210

Park, Jeman ; Nyang, Daehun ; Mohaisen, Aziz. / Timing is Almost Everything : Realistic Evaluation of the Very Short Intermittent DDoS Attacks. 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018. editor / Robert H. Deng ; Stephen Marsh ; Jason Nurse ; Rongxing Lu ; Sakir Sezer ; Paul Miller ; Liqun Chen ; Kieran McLaughlin ; Ali Ghorbani. Institute of Electrical and Electronics Engineers Inc., 2018. (2018 16th Annual Conference on Privacy, Security and Trust, PST 2018).

@inproceedings{2e722fcd382a44aa9cda9615fe5f7c25,

title = "Timing is Almost Everything: Realistic Evaluation of the Very Short Intermittent DDoS Attacks",

abstract = "Distributed Denial-of-Service (DDoS) is a big threat to the security and stability of Internet-based services today. Among the recent advanced application-layer DDoS attacks, the Very Short Intermittent DDoS (VSI-DDoS) is the attack, which can bypass existing detection systems and significantly degrade the QoS experienced by users of web services. However, in order for the VSI-DDoS attack to work effectively, bots participating in the attack should be tightly synchronized, an assumption that is difficult to be met in reality. In this paper, we conducted a quantitative analysis to understand how a minimal deviation from perfect synchronization in botnets affects the performance and effectiveness of the VSI-DDoS attack. We found that VSI-DDoS became substantially less effective. That is, it lost 85.7% in terms of effectiveness under about 90ms synchronization inaccuracy, which is a very small inaccuracy under normal network conditions.",

keywords = "DDoS, evaluation, time synchronization",

author = "Jeman Park and Daehun Nyang and Aziz Mohaisen",

note = "Funding Information: In this paper, we analyzed the impact of loose bots synchronization on the impact of VSI-DDoS, an advanced application-layer DDoS attack that is capable of bypassing existing defenses. Through the preliminary experiment, we fixed the six degrees of synchronization of the botnet and apply it to quantitatively evaluate the effect of the actual vsi attack. As a result, we demonstrate that even a moderate imperfections in bots time synchronization would degrade the impact of the VSI-DDoS attack, and pronounce it ineffective. Specifically, the effect of the VSI-DDoS attack at realistic synchronization level seems to make adversary{\textquoteright}s goal difficult to be achieved. Mitigation to our main finding is possible, although it can creates a clear trade-off between the attack, its cost, and detection. In the future, we will theoretically and empirically explore analyzing the effort of the adversary to make the VSI-DDoS attack successful, including the minimum number of bots needed for such intensities in real world. Acknowledgement. This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757. Funding Information: This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757. Publisher Copyright: {\textcopyright} 2018 IEEE.; 16th Annual Conference on Privacy, Security and Trust, PST 2018 ; Conference date: 28-08-2018 Through 30-08-2018",

year = "2018",

month = oct,

day = "29",

doi = "10.1109/PST.2018.8514210",

language = "English",

series = "2018 16th Annual Conference on Privacy, Security and Trust, PST 2018",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

editor = "Deng, {Robert H.} and Stephen Marsh and Jason Nurse and Rongxing Lu and Sakir Sezer and Paul Miller and Liqun Chen and Kieran McLaughlin and Ali Ghorbani",

booktitle = "2018 16th Annual Conference on Privacy, Security and Trust, PST 2018",

}

Park, J, Nyang, D & Mohaisen, A 2018, Timing is Almost Everything: Realistic Evaluation of the Very Short Intermittent DDoS Attacks. in RH Deng, S Marsh, J Nurse, R Lu, S Sezer, P Miller, L Chen, K McLaughlin & A Ghorbani (eds), 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018., 8514210, 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018, Institute of Electrical and Electronics Engineers Inc., 16th Annual Conference on Privacy, Security and Trust, PST 2018, Belfast, Northern Ireland, United Kingdom, 28/08/18. https://doi.org/10.1109/PST.2018.8514210

Timing is Almost Everything: Realistic Evaluation of the Very Short Intermittent DDoS Attacks. / Park, Jeman; Nyang, Daehun; Mohaisen, Aziz.
2018 16th Annual Conference on Privacy, Security and Trust, PST 2018. ed. / Robert H. Deng; Stephen Marsh; Jason Nurse; Rongxing Lu; Sakir Sezer; Paul Miller; Liqun Chen; Kieran McLaughlin; Ali Ghorbani. Institute of Electrical and Electronics Engineers Inc., 2018. 8514210 (2018 16th Annual Conference on Privacy, Security and Trust, PST 2018).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Timing is Almost Everything

T2 - 16th Annual Conference on Privacy, Security and Trust, PST 2018

AU - Park, Jeman

AU - Nyang, Daehun

AU - Mohaisen, Aziz

N1 - Funding Information: In this paper, we analyzed the impact of loose bots synchronization on the impact of VSI-DDoS, an advanced application-layer DDoS attack that is capable of bypassing existing defenses. Through the preliminary experiment, we fixed the six degrees of synchronization of the botnet and apply it to quantitatively evaluate the effect of the actual vsi attack. As a result, we demonstrate that even a moderate imperfections in bots time synchronization would degrade the impact of the VSI-DDoS attack, and pronounce it ineffective. Specifically, the effect of the VSI-DDoS attack at realistic synchronization level seems to make adversary’s goal difficult to be achieved. Mitigation to our main finding is possible, although it can creates a clear trade-off between the attack, its cost, and detection. In the future, we will theoretically and empirically explore analyzing the effort of the adversary to make the VSI-DDoS attack successful, including the minimum number of bots needed for such intensities in real world. Acknowledgement. This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757. Funding Information: This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757. Publisher Copyright: © 2018 IEEE.

PY - 2018/10/29

Y1 - 2018/10/29

N2 - Distributed Denial-of-Service (DDoS) is a big threat to the security and stability of Internet-based services today. Among the recent advanced application-layer DDoS attacks, the Very Short Intermittent DDoS (VSI-DDoS) is the attack, which can bypass existing detection systems and significantly degrade the QoS experienced by users of web services. However, in order for the VSI-DDoS attack to work effectively, bots participating in the attack should be tightly synchronized, an assumption that is difficult to be met in reality. In this paper, we conducted a quantitative analysis to understand how a minimal deviation from perfect synchronization in botnets affects the performance and effectiveness of the VSI-DDoS attack. We found that VSI-DDoS became substantially less effective. That is, it lost 85.7% in terms of effectiveness under about 90ms synchronization inaccuracy, which is a very small inaccuracy under normal network conditions.

AB - Distributed Denial-of-Service (DDoS) is a big threat to the security and stability of Internet-based services today. Among the recent advanced application-layer DDoS attacks, the Very Short Intermittent DDoS (VSI-DDoS) is the attack, which can bypass existing detection systems and significantly degrade the QoS experienced by users of web services. However, in order for the VSI-DDoS attack to work effectively, bots participating in the attack should be tightly synchronized, an assumption that is difficult to be met in reality. In this paper, we conducted a quantitative analysis to understand how a minimal deviation from perfect synchronization in botnets affects the performance and effectiveness of the VSI-DDoS attack. We found that VSI-DDoS became substantially less effective. That is, it lost 85.7% in terms of effectiveness under about 90ms synchronization inaccuracy, which is a very small inaccuracy under normal network conditions.

KW - DDoS

KW - evaluation

KW - time synchronization

UR - http://www.scopus.com/inward/record.url?scp=85063433886&partnerID=8YFLogxK

U2 - 10.1109/PST.2018.8514210

DO - 10.1109/PST.2018.8514210

M3 - Conference contribution

AN - SCOPUS:85063433886

T3 - 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018

BT - 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018

A2 - Deng, Robert H.

A2 - Marsh, Stephen

A2 - Nurse, Jason

A2 - Lu, Rongxing

A2 - Sezer, Sakir

A2 - Miller, Paul

A2 - Chen, Liqun

A2 - McLaughlin, Kieran

A2 - Ghorbani, Ali

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 28 August 2018 through 30 August 2018

ER -

Park J, Nyang D, Mohaisen A. Timing is Almost Everything: Realistic Evaluation of the Very Short Intermittent DDoS Attacks. In Deng RH, Marsh S, Nurse J, Lu R, Sezer S, Miller P, Chen L, McLaughlin K, Ghorbani A, editors, 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018. Institute of Electrical and Electronics Engineers Inc. 2018. 8514210. (2018 16th Annual Conference on Privacy, Security and Trust, PST 2018). doi: 10.1109/PST.2018.8514210

Timing is Almost Everything: Realistic Evaluation of the Very Short Intermittent DDoS Attacks

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this