From Seek-and-Destroy to Split-and-Destroy: Connection Partitioning as an Effective Tool against Low-Rate DoS Attacks

IF 4.7 Q2 MATERIALS SCIENCE, BIOMATERIALS ACS Applied Bio Materials Pub Date : 2024-04-19 DOI:10.3390/fi16040137

Vyron Kampourakis, Georgios Michail Makrakis, C. Kolias

{"title":"From Seek-and-Destroy to Split-and-Destroy: Connection Partitioning as an Effective Tool against Low-Rate DoS Attacks","authors":"Vyron Kampourakis, Georgios Michail Makrakis, C. Kolias","doi":"10.3390/fi16040137","DOIUrl":null,"url":null,"abstract":"Low-rate Denial of Service (LDoS) attacks are today considered one of the biggest threats against modern data centers and industrial infrastructures. Unlike traditional Distributed Denial of Service (DDoS) attacks that are mainly volumetric, LDoS attacks exhibit a very small network footprint, and therefore can easily elude standard detection and defense mechanisms. This work introduces a defense strategy that may prove particularly effective against attacks that are based on long-lived connections, an inherent trait of LDoS attacks. Our approach is based on iteratively partitioning the active connections of a victim server across a number of replica servers, and then re-evaluating the health status of each replica instance. At its core, this approach relies on live migration and containerization technologies. The main advantage of the proposed approach is that it can discover and isolate malicious connections with virtually no information about the type and characteristics of the performed attack. Additionally, while the defense takes place, there is little to no indication of the fact to the attacker. We assess various rudimentary schemes to quantify the scalability of our approach. The results from the simulations indicate that it is possible to save the vast majority of the benign connections (80%) in less than 5 min.","PeriodicalId":2,"journal":{"name":"ACS Applied Bio Materials","volume":" 43","pages":""},"PeriodicalIF":4.7000,"publicationDate":"2024-04-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACS Applied Bio Materials","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/fi16040137","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"MATERIALS SCIENCE, BIOMATERIALS","Score":null,"Total":0}

引用次数: 0

Abstract

Low-rate Denial of Service (LDoS) attacks are today considered one of the biggest threats against modern data centers and industrial infrastructures. Unlike traditional Distributed Denial of Service (DDoS) attacks that are mainly volumetric, LDoS attacks exhibit a very small network footprint, and therefore can easily elude standard detection and defense mechanisms. This work introduces a defense strategy that may prove particularly effective against attacks that are based on long-lived connections, an inherent trait of LDoS attacks. Our approach is based on iteratively partitioning the active connections of a victim server across a number of replica servers, and then re-evaluating the health status of each replica instance. At its core, this approach relies on live migration and containerization technologies. The main advantage of the proposed approach is that it can discover and isolate malicious connections with virtually no information about the type and characteristics of the performed attack. Additionally, while the defense takes place, there is little to no indication of the fact to the attacker. We assess various rudimentary schemes to quantify the scalability of our approach. The results from the simulations indicate that it is possible to save the vast majority of the benign connections (80%) in less than 5 min.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

从 "寻找并摧毁 "到 "分割并摧毁"：连接分区是对抗低速率 DoS 攻击的有效工具

如今，低速率拒绝服务（LDoS）攻击被认为是现代数据中心和工业基础设施面临的最大威胁之一。传统的分布式拒绝服务（DDoS）攻击主要是体积攻击，而 LDoS 攻击则不同，它的网络足迹非常小，因此很容易躲过标准的检测和防御机制。本研究介绍了一种防御策略，该策略可能会被证明对基于长期连接的攻击特别有效，而长期连接正是 LDoS 攻击的固有特征。我们的方法基于在多个副本服务器之间迭代分割受害服务器的活动连接，然后重新评估每个副本实例的健康状况。这种方法的核心是实时迁移和容器化技术。所提方法的主要优势在于，它可以在几乎不了解所实施攻击的类型和特征的情况下发现并隔离恶意连接。此外，在防御过程中，攻击者几乎不会察觉到这一点。我们评估了各种初级方案，以量化我们方法的可扩展性。模拟结果表明，可以在 5 分钟内保存绝大多数良性连接（80%）。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

ACS Applied Bio Materials Chemistry-Chemistry (all)

CiteScore

9.40

自引率

2.10%

发文量

464

期刊介绍： ACS Applied Bio Materials is an interdisciplinary journal publishing original research covering all aspects of biomaterials and biointerfaces including and beyond the traditional biosensing, biomedical and therapeutic applications. The journal is devoted to reports of new and original experimental and theoretical research of an applied nature that integrates knowledge in the areas of materials, engineering, physics, bioscience, and chemistry into important bio applications. The journal is specifically interested in work that addresses the relationship between structure and function and assesses the stability and degradation of materials under relevant environmental and biological conditions.