TY - GEN
T1 - Timing is Almost Everything
T2 - 16th Annual Conference on Privacy, Security and Trust, PST 2018
AU - Park, Jeman
AU - Nyang, Daehun
AU - Mohaisen, Aziz
N1 - Funding Information:
In this paper, we analyzed the impact of loose bots synchronization on the impact of VSI-DDoS, an advanced application-layer DDoS attack that is capable of bypassing existing defenses. Through the preliminary experiment, we fixed the six degrees of synchronization of the botnet and apply it to quantitatively evaluate the effect of the actual vsi attack. As a result, we demonstrate that even a moderate imperfections in bots time synchronization would degrade the impact of the VSI-DDoS attack, and pronounce it ineffective. Specifically, the effect of the VSI-DDoS attack at realistic synchronization level seems to make adversary’s goal difficult to be achieved. Mitigation to our main finding is possible, although it can creates a clear trade-off between the attack, its cost, and detection. In the future, we will theoretically and empirically explore analyzing the effort of the adversary to make the VSI-DDoS attack successful, including the minimum number of bots needed for such intensities in real world. Acknowledgement. This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757.
Funding Information:
This work is supported in part by NSF grant CNS-1809000 and NRF grant 2016K1A1A2912757.
Publisher Copyright:
© 2018 IEEE.
PY - 2018/10/29
Y1 - 2018/10/29
N2 - Distributed Denial-of-Service (DDoS) is a big threat to the security and stability of Internet-based services today. Among the recent advanced application-layer DDoS attacks, the Very Short Intermittent DDoS (VSI-DDoS) is the attack, which can bypass existing detection systems and significantly degrade the QoS experienced by users of web services. However, in order for the VSI-DDoS attack to work effectively, bots participating in the attack should be tightly synchronized, an assumption that is difficult to be met in reality. In this paper, we conducted a quantitative analysis to understand how a minimal deviation from perfect synchronization in botnets affects the performance and effectiveness of the VSI-DDoS attack. We found that VSI-DDoS became substantially less effective. That is, it lost 85.7% in terms of effectiveness under about 90ms synchronization inaccuracy, which is a very small inaccuracy under normal network conditions.
AB - Distributed Denial-of-Service (DDoS) is a big threat to the security and stability of Internet-based services today. Among the recent advanced application-layer DDoS attacks, the Very Short Intermittent DDoS (VSI-DDoS) is the attack, which can bypass existing detection systems and significantly degrade the QoS experienced by users of web services. However, in order for the VSI-DDoS attack to work effectively, bots participating in the attack should be tightly synchronized, an assumption that is difficult to be met in reality. In this paper, we conducted a quantitative analysis to understand how a minimal deviation from perfect synchronization in botnets affects the performance and effectiveness of the VSI-DDoS attack. We found that VSI-DDoS became substantially less effective. That is, it lost 85.7% in terms of effectiveness under about 90ms synchronization inaccuracy, which is a very small inaccuracy under normal network conditions.
KW - DDoS
KW - evaluation
KW - time synchronization
UR - http://www.scopus.com/inward/record.url?scp=85063433886&partnerID=8YFLogxK
U2 - 10.1109/PST.2018.8514210
DO - 10.1109/PST.2018.8514210
M3 - Conference contribution
AN - SCOPUS:85063433886
T3 - 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018
BT - 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018
A2 - Deng, Robert H.
A2 - Marsh, Stephen
A2 - Nurse, Jason
A2 - Lu, Rongxing
A2 - Sezer, Sakir
A2 - Miller, Paul
A2 - Chen, Liqun
A2 - McLaughlin, Kieran
A2 - Ghorbani, Ali
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 28 August 2018 through 30 August 2018
ER -