Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches

Shir Landau Feibish; Yehuda Afek; Anat Bremler-Barr; Edith Cohen; Michal Shagam

doi:10.1145/3132465.3132474

Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches

Shir Landau Feibish, Yehuda Afek, Anat Bremler-Barr, Edith Cohen, Michal Shagam

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Random Subdomain DDoS a.acks on the Domain Name System (DNS) infrastructure are becoming a popular vector in recent a.acks (e.g., recent Mirai a.ack on Dyn). In these a.acks, many queries are sent for a single or a few victim domains, yet they include highly varying non-existent subdomains generated randomly. Motivated by these a.acks we designed and implemented novel and efficient algorithms for distinct heavy hi.ers (dHH). A (classic) heavy hi.er (HH) in a stream of elements is a key (e.g., the domain of a query) which appears in many elements (e.g., requests). When stream elements consist of key, subkey¿ pairs, (domain, subdomain¿) a distinct heavy hi.er (dhh) is a key that is paired with a large number of di.erent subkeys. Our algorithms dominate previous designs in both the asymptotic (theoretical) sense and practicality. Speciffically the new .xed-size algorithms are simple to code and with asymptotically optimal space accuracy tradeoffs. Based on these algorithms, we build and implement a system for detection and mitigation of Random Subdomain DDoS a.acks. We perform experimental evaluation, demonstrating the effectiveness of our algorithms.

Original language	English
Title of host publication	HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies
Publisher	Association for Computing Machinery, Inc
ISBN (Electronic)	9781450355278
DOIs	https://doi.org/10.1145/3132465.3132474
State	Published - 14 Oct 2017
Event	5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017 - San Jose, United States Duration: 14 Oct 2017 → …

Publication series

Name	HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies

Conference

Conference	5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017
Country/Territory	United States
City	San Jose
Period	14/10/17 → …

Bibliographical note

Funding Information:
Œis research was supported by a grant from the Blavatnik Cyber Security Councile, by a grant of the European Research Council (ERC) Starting Grant no. 259085, and by the Ministry of Science and Technology, Israel.

Publisher Copyright:
© 2017 Copyright held by the owner/author(s).

Access to Document

10.1145/3132465.3132474

Cite this

Landau Feibish, S., Afek, Y., Bremler-Barr, A., Cohen, E., & Shagam, M. (2017). Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches. In HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies Article a8 (HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies). Association for Computing Machinery, Inc. https://doi.org/10.1145/3132465.3132474

Landau Feibish, Shir ; Afek, Yehuda ; Bremler-Barr, Anat et al. / Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches. HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies. Association for Computing Machinery, Inc, 2017. (HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies).

@inproceedings{0c4ac9d5ee4c48cf8df3391ccedcbd6b,

title = "Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches",

abstract = "Random Subdomain DDoS a.acks on the Domain Name System (DNS) infrastructure are becoming a popular vector in recent a.acks (e.g., recent Mirai a.ack on Dyn). In these a.acks, many queries are sent for a single or a few victim domains, yet they include highly varying non-existent subdomains generated randomly. Motivated by these a.acks we designed and implemented novel and efficient algorithms for distinct heavy hi.ers (dHH). A (classic) heavy hi.er (HH) in a stream of elements is a key (e.g., the domain of a query) which appears in many elements (e.g., requests). When stream elements consist of key, subkey¿ pairs, (domain, subdomain¿) a distinct heavy hi.er (dhh) is a key that is paired with a large number of di.erent subkeys. Our algorithms dominate previous designs in both the asymptotic (theoretical) sense and practicality. Speciffically the new .xed-size algorithms are simple to code and with asymptotically optimal space accuracy tradeoffs. Based on these algorithms, we build and implement a system for detection and mitigation of Random Subdomain DDoS a.acks. We perform experimental evaluation, demonstrating the effectiveness of our algorithms.",

author = "\{Landau Feibish\}, Shir and Yehuda Afek and Anat Bremler-Barr and Edith Cohen and Michal Shagam",

note = "Publisher Copyright: {\textcopyright} 2017 Copyright held by the owner/author(s).; 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017 ; Conference date: 14-10-2017",

year = "2017",

month = oct,

day = "14",

doi = "10.1145/3132465.3132474",

language = "אנגלית",

series = "HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies",

publisher = "Association for Computing Machinery, Inc",

booktitle = "HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies",

}

Landau Feibish, S, Afek, Y, Bremler-Barr, A, Cohen, E & Shagam, M 2017, Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches. in HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies., a8, HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, Association for Computing Machinery, Inc, 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017, San Jose, United States, 14/10/17. https://doi.org/10.1145/3132465.3132474

Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches. / Landau Feibish, Shir; Afek, Yehuda; Bremler-Barr, Anat et al.
HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies. Association for Computing Machinery, Inc, 2017. a8 (HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches

AU - Landau Feibish, Shir

AU - Afek, Yehuda

AU - Bremler-Barr, Anat

AU - Cohen, Edith

AU - Shagam, Michal

PY - 2017/10/14

Y1 - 2017/10/14

N2 - Random Subdomain DDoS a.acks on the Domain Name System (DNS) infrastructure are becoming a popular vector in recent a.acks (e.g., recent Mirai a.ack on Dyn). In these a.acks, many queries are sent for a single or a few victim domains, yet they include highly varying non-existent subdomains generated randomly. Motivated by these a.acks we designed and implemented novel and efficient algorithms for distinct heavy hi.ers (dHH). A (classic) heavy hi.er (HH) in a stream of elements is a key (e.g., the domain of a query) which appears in many elements (e.g., requests). When stream elements consist of key, subkey¿ pairs, (domain, subdomain¿) a distinct heavy hi.er (dhh) is a key that is paired with a large number of di.erent subkeys. Our algorithms dominate previous designs in both the asymptotic (theoretical) sense and practicality. Speciffically the new .xed-size algorithms are simple to code and with asymptotically optimal space accuracy tradeoffs. Based on these algorithms, we build and implement a system for detection and mitigation of Random Subdomain DDoS a.acks. We perform experimental evaluation, demonstrating the effectiveness of our algorithms.

AB - Random Subdomain DDoS a.acks on the Domain Name System (DNS) infrastructure are becoming a popular vector in recent a.acks (e.g., recent Mirai a.ack on Dyn). In these a.acks, many queries are sent for a single or a few victim domains, yet they include highly varying non-existent subdomains generated randomly. Motivated by these a.acks we designed and implemented novel and efficient algorithms for distinct heavy hi.ers (dHH). A (classic) heavy hi.er (HH) in a stream of elements is a key (e.g., the domain of a query) which appears in many elements (e.g., requests). When stream elements consist of key, subkey¿ pairs, (domain, subdomain¿) a distinct heavy hi.er (dhh) is a key that is paired with a large number of di.erent subkeys. Our algorithms dominate previous designs in both the asymptotic (theoretical) sense and practicality. Speciffically the new .xed-size algorithms are simple to code and with asymptotically optimal space accuracy tradeoffs. Based on these algorithms, we build and implement a system for detection and mitigation of Random Subdomain DDoS a.acks. We perform experimental evaluation, demonstrating the effectiveness of our algorithms.

UR - https://www.scopus.com/pages/publications/85036652661

U2 - 10.1145/3132465.3132474

DO - 10.1145/3132465.3132474

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85036652661

T3 - HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies

BT - HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies

PB - Association for Computing Machinery, Inc

T2 - 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb 2017

Y2 - 14 October 2017

ER -

Landau Feibish S, Afek Y, Bremler-Barr A, Cohen E, Shagam M. Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches. In HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies. Association for Computing Machinery, Inc. 2017. a8. (HotWeb 2017 - Proceedings of the 5th ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies). doi: 10.1145/3132465.3132474

Mitigating DNS random subdomain DDoS attacks by distinct heavy hitters sketches

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this