Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches

Shir Landau Feibish, Yehuda Afek, Anat Bremler-Barr, Edith Cohen, Michal Shagam

نتاج البحث: فصل من :كتاب / تقرير / مؤتمرمنشور من مؤتمرمراجعة النظراء

ملخص

Random Subdomain DDoS a.acks on the Domain Name System (DNS) infrastructure are becoming a popular vector in recent a.acks (e.g., recent Mirai a.ack on Dyn). In these a.acks, many queries are sent for a single or a few victim domains, yet they include highly varying non-existent subdomains generated randomly. Motivated by these a.acks we designed and implemented novel and efficient algorithms for distinct heavy hi.ers (dHH). A (classic) heavy hi.er (HH) in a stream of elements is a key (e.g., the domain of a query) which appears in many elements (e.g., requests). When stream elements consist of key, subkey¿ pairs, (domain, subdomain¿) a distinct heavy hi.er (dhh) is a key that is paired with a large number of di.erent subkeys. Our algorithms dominate previous designs in both the asymptotic (theoretical) sense and practicality. Speciffically the new .xed-size algorithms are simple to code and with asymptotically optimal space accuracy tradeoffs. Based on these algorithms, we build and implement a system for detection and mitigation of Random Subdomain DDoS a.acks. We perform experimental evaluation, demonstrating the effectiveness of our algorithms.

اللغة الأصليةالإنجليزيّة
عنوان منشور المضيفHotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies
ناشرAssociation for Computing Machinery, Inc
رقم المعيار الدولي للكتب (الإلكتروني)9781450355278
المعرِّفات الرقمية للأشياء
حالة النشرنُشِر - 14 أكتوبر 2017
الحدث5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017 - San Jose, الولايات المتّحدة
المدة: ١٤ أكتوبر ٢٠١٧ → …

سلسلة المنشورات

الاسمHotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies

!!Conference

!!Conference5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017
الدولة/الإقليمالولايات المتّحدة
المدينةSan Jose
المدة١٤/١٠/١٧ → …

ملاحظة ببليوغرافية

Funding Information:
Œis research was supported by a grant from the Blavatnik Cyber Security Councile, by a grant of the European Research Council (ERC) Starting Grant no. 259085, and by the Ministry of Science and Technology, Israel.

Publisher Copyright:
© 2017 Copyright held by the owner/author(s).

قم بذكر هذا