Random Subdomain DDoS a.acks on the Domain Name System (DNS) infrastructure are becoming a popular vector in recent a.acks (e.g., recent Mirai a.ack on Dyn). In these a.acks, many queries are sent for a single or a few victim domains, yet they include highly varying non-existent subdomains generated randomly. Motivated by these a.acks we designed and implemented novel and efficient algorithms for distinct heavy hi.ers (dHH). A (classic) heavy hi.er (HH) in a stream of elements is a key (e.g., the domain of a query) which appears in many elements (e.g., requests). When stream elements consist of key, subkey¿ pairs, (domain, subdomain¿) a distinct heavy hi.er (dhh) is a key that is paired with a large number of di.erent subkeys. Our algorithms dominate previous designs in both the asymptotic (theoretical) sense and practicality. Speciffically the new .xed-size algorithms are simple to code and with asymptotically optimal space accuracy tradeoffs. Based on these algorithms, we build and implement a system for detection and mitigation of Random Subdomain DDoS a.acks. We perform experimental evaluation, demonstrating the effectiveness of our algorithms.
|Title of host publication||HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies|
|Publisher||Association for Computing Machinery, Inc|
|State||Published - 14 Oct 2017|
|Event||5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017 - San Jose, United States|
Duration: 14 Oct 2017 → …
|Name||HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies|
|Conference||5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017|
|Period||14/10/17 → …|
Bibliographical noteFunding Information:
Œis research was supported by a grant from the Blavatnik Cyber Security Councile, by a grant of the European Research Council (ERC) Starting Grant no. 259085, and by the Ministry of Science and Technology, Israel.
© 2017 Copyright held by the owner/author(s).