Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches

Shir Landau Feibish, Yehuda Afek, Anat Bremler-Barr, Edith Cohen, Michal Shagam

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Random Subdomain DDoS a.acks on the Domain Name System (DNS) infrastructure are becoming a popular vector in recent a.acks (e.g., recent Mirai a.ack on Dyn). In these a.acks, many queries are sent for a single or a few victim domains, yet they include highly varying non-existent subdomains generated randomly. Motivated by these a.acks we designed and implemented novel and efficient algorithms for distinct heavy hi.ers (dHH). A (classic) heavy hi.er (HH) in a stream of elements is a key (e.g., the domain of a query) which appears in many elements (e.g., requests). When stream elements consist of key, subkey¿ pairs, (domain, subdomain¿) a distinct heavy hi.er (dhh) is a key that is paired with a large number of di.erent subkeys. Our algorithms dominate previous designs in both the asymptotic (theoretical) sense and practicality. Speciffically the new .xed-size algorithms are simple to code and with asymptotically optimal space accuracy tradeoffs. Based on these algorithms, we build and implement a system for detection and mitigation of Random Subdomain DDoS a.acks. We perform experimental evaluation, demonstrating the effectiveness of our algorithms.

Original languageEnglish
Title of host publicationHotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies
PublisherAssociation for Computing Machinery, Inc
ISBN (Electronic)9781450355278
DOIs
StatePublished - 14 Oct 2017
Event5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017 - San Jose, United States
Duration: 14 Oct 2017 → …

Publication series

NameHotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies

Conference

Conference5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017
Country/TerritoryUnited States
CitySan Jose
Period14/10/17 → …

Bibliographical note

Funding Information:
Œis research was supported by a grant from the Blavatnik Cyber Security Councile, by a grant of the European Research Council (ERC) Starting Grant no. 259085, and by the Ministry of Science and Technology, Israel.

Publisher Copyright:
© 2017 Copyright held by the owner/author(s).

Fingerprint

Dive into the research topics of 'Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches'. Together they form a unique fingerprint.

Cite this