Yo-Yo Attack: Vulnerability In Auto-scaling Mechanism

Mor Sides, A. Bremler-Barr, Elisha J. Rosensweig
DOI: 10.1145/2785956.2790017 (https://doi.org/10.1145/2785956.2790017)
Published in: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication
Publication date: 2015-08-17
Citations: 6

Abstract

In the last few years, more and more public and private networks rely on cloud and virtualization to provide their service while meeting their SLA commitments. One attractive property of the cloud is its support for rapid elasticity: the ability to scale the number of machines up and down according to the load on the machines, which can be configured to occur automatically, according to customer-set thresholds. This auto-scaling mechanism provides an ability to cope with many of the basic Distributed Denial of Service (DDoS) attacks (as described in [4]), but opens the door to a new type of attack, the Economic Denial of Sustainability (EDoS) attack [2]. In DDoS, an attacker overwhelms the victim with bogus traffic, blocking the service from legitimate users. With a cloud-based operation, the auto-scaling mechanism ensures that a victim can cope with an attack by providing the victim with more resources to handle it. This solution, however, comes with an economic penalty termed EDoS, since the victim has to pay for the extra, non-beneficial resources that process the bogus traffic. In many DoS attacks, the danger of the attack's impact is mitigated by the expected cost to the attacker: the more effort required on the side of the attacker, who has to invest in generating large amounts of traffic, the less likely the attack is to occur. In this work we present the 'Yo-Yo attack', an efficient attack on the auto-scaling mechanism, which results in an Economic Denial of Sustainability (EDoS) attack that is difficult to detect. The attack cycles between two phases repeatedly: in the on-attack phase, the attacker sends a short burst of traffic that causes the auto-scaling mechanism to perform a scale up. In the off-attack phase, the attacker stops sending the excess traffic. This second phase takes
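To make the economic penalty of the on/off cycle concrete, the following simulation is an added example (not code from the paper) of a threshold-based auto-scaler fed a constructed load trace with short periodic bursts; it lets a defender estimate how many instance-minutes a given scaling policy would bill compared with the steady legitimate load. The thresholds, the one-instance-per-minute scaling step, the immediate scale-up and the 10-minute scale-down cooldown are assumptions of this model, not values taken from the page.

```python
"""Instance-minute cost model for periodic burst traffic against a threshold auto-scaler."""
from dataclasses import dataclass


@dataclass
class ScalerConfig:
    capacity_per_instance: float = 100.0  # requests/min one instance can serve (assumed)
    scale_up_threshold: float = 0.7       # utilisation above which one instance is added
    scale_down_threshold: float = 0.3     # utilisation below which one instance is removed
    scale_down_cooldown: int = 10         # minutes since last change before scaling down (assumed)
    min_instances: int = 1


def simulate(load, cfg):
    """Run the scaler over a per-minute request-rate trace.

    Scale-up is applied immediately; scale-down waits for the cooldown, which is
    what keeps surplus instances billed long after a burst has stopped.
    Returns (instance_minutes_billed, peak_instances).
    """
    instances = cfg.min_instances
    last_change = -cfg.scale_down_cooldown
    billed, peak = 0, instances
    for t, rate in enumerate(load):
        util = rate / (instances * cfg.capacity_per_instance)
        if util > cfg.scale_up_threshold:
            instances += 1
            last_change = t
        elif (util < cfg.scale_down_threshold
              and instances > cfg.min_instances
              and t - last_change >= cfg.scale_down_cooldown):
            instances -= 1
            last_change = t
        billed += instances
        peak = max(peak, instances)
    return billed, peak


def yo_yo_trace(minutes, baseline, burst_rate, period, burst_len):
    """Constructed trace: steady legitimate baseline plus burst_rate extra
    requests/min for burst_len minutes at the start of every period."""
    return [baseline + (burst_rate if t % period < burst_len else 0) for t in range(minutes)]


if __name__ == "__main__":
    cfg = ScalerConfig()
    steady = [50] * 60                          # legitimate load only
    attack = yo_yo_trace(60, 50, 200, 20, 2)    # 2-minute bursts every 20 minutes
    print("steady: billed=%d peak=%d" % simulate(steady, cfg))
    print("bursts: billed=%d peak=%d mean_rate=%.1f" % (*simulate(attack, cfg), sum(attack) / len(attack)))
```

With these numbers the bursts raise the hour's average request rate from 50 to 70 per minute, while the instance-minutes billed rise from 60 to 190, which is the asymmetry that makes the cost hard to spot from aggregate traffic metrics alone.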