Columbia University Joint CS/EE Networking Seminar Series

Ensuring QoS During Bandwidth DDoS Attacks

Moti Geva

Bar Ilan University, Israel

Nov. 29, 3:00PM CISE Conference Room 1021, CEPSR SCHAPIRO

Abstract: Internet services are indispensable -- and yet, vulnerable to Denial of Service (DoS) attacks, and especially to Distributed DoS (DDoS) attacks. DDoS attacks have increased in importance, number and strength over the years, becoming a major problem. In a recent survey of network operators, DDoS was the most commonly identified 'significant threat' (71% of respondents). Furthermore, significant growth in the size of attacks (in bytes and packets) and in their sophistication is reported. In this talk we focus on bandwidth DDoS attacks, in which many attacking agents cooperate to cause excessive bandwidth load on a victim host or network.

We present two schemes to mitigate bandwidth DDoS attacks. The first scheme is called QoS over DoS-prone networks (QoSoDoS), and the second Backward Traffic Throttling (BTT). QoSoDoS is an end-to-end protocol which ensures timely delivery of time-sensitive messages over an unreliable network. QoSoDoS is based on scheduling multiple transmissions of each packet while attempting to minimize overhead and load, so that the protocol does not itself create a DoS. BTT is an efficient, decentralized, core (router) based scheme. Upon bandwidth congestion, BTT employs three mechanisms to throttle excessive traffic: it prioritizes legitimate flows, shapes traffic, and requests upstream BTT nodes to similarly prioritize and shape traffic. Flow prioritization parameters are determined independently by each BTT node, based on estimates of typical traffic. BTT is easily deployed: it requires no changes to routers and does not modify traffic. Instead, BTT configures the routers' existing queuing disciplines and traffic shapers.
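To make the BTT cascade concrete, here is an added toy model (written for this page; it is not code from the Geva/Herzberg papers and the specific per-node policy is an assumption, not the published algorithm). Each node first serves every flow up to its independently estimated baseline rate, shares any leftover capacity among flows in proportion to that baseline, and passes the resulting per-flow caps upstream as a throttle request. The chain topology, flow names, rate history and capacities are all constructed sample data.

```python
"""Toy model of backward traffic throttling along a chain of routers.

Added illustration for this seminar page, not the BTT paper's code. The
per-node policy (baseline-first priority, weighted sharing of the leftover,
caps propagated upstream as throttle requests) is an assumption about how
such a scheme can be modelled. Rates are Mbit/s; all sample data is constructed.
"""
import math
from statistics import median


def estimate_typical(samples):
    """Baseline rate per flow, estimated by a node from its own history.
    The median keeps a short burst (or a flood) from inflating the baseline."""
    return {flow: float(median(rates)) for flow, rates in samples.items()}


def share_leftover(leftover, excess, weights):
    """Weighted water-filling: split `leftover` among flows in proportion to
    `weights`, never granting a flow more than its `excess` demand.
    Flows with no baseline (weight 0) get nothing from the leftover."""
    grant = {flow: 0.0 for flow in excess}
    active = {f for f, e in excess.items() if e > 0 and weights[f] > 0}
    while leftover > 1e-12 and active:
        total_w = sum(weights[f] for f in active)
        saturated, given = set(), 0.0
        for f in active:
            take = min(leftover * weights[f] / total_w, excess[f] - grant[f])
            grant[f] += take
            given += take
            if excess[f] - grant[f] <= 1e-12:
                saturated.add(f)
        leftover -= given
        if not saturated:
            break  # every active flow took its full share; nothing to redistribute
        active -= saturated
    return grant


def allocate(demand, typical, capacity):
    """One node's prioritize-and-shape step. Traffic within each flow's
    baseline is served first; only then does remaining capacity go to the
    excess. If the baselines alone exceed capacity they are scaled down
    uniformly and all excess is dropped."""
    prio = {f: min(demand[f], typical[f]) for f in demand}
    excess = {f: demand[f] - prio[f] for f in demand}
    total_prio = sum(prio.values())
    if total_prio > capacity:
        scale = capacity / total_prio
        return {f: prio[f] * scale for f in demand}
    grant = share_leftover(capacity - total_prio, excess, typical)
    return {f: prio[f] + grant[f] for f in demand}


def backward_throttle(chain, offered, typical):
    """Walk from the victim-side node upstream. Each node allocates its
    capacity over the demand it faces and sends that allocation upstream as a
    throttle request; upstream nodes treat the request as a ceiling on demand.
    Returns (caps at the most upstream node, caps per node)."""
    request = {f: math.inf for f in offered}
    caps = {}
    for name, capacity in reversed(chain):
        demand = {f: min(offered[f], request[f]) for f in offered}
        caps[name] = allocate(demand, typical, capacity)
        request = caps[name]
    return request, caps


def drops_by_node(chain, offered, caps):
    """Replay traffic source-to-victim through the shapers to see where the
    excess is actually discarded (it should be at the most upstream node)."""
    rate = dict(offered)
    drops = {}
    for name, _capacity in chain:
        shaped = {f: min(rate[f], caps[name][f]) for f in rate}
        drops[name] = {f: rate[f] - shaped[f] for f in rate}
        rate = shaped
    return drops


# Constructed sample: two ordinary flows and one flood over core -> edge -> victim.
SAMPLE_HISTORY = {
    "web":   [8.0, 7.5, 8.5, 8.0],
    "dns":   [1.0, 0.9, 1.1, 1.0],
    "flood": [0.5, 0.5, 0.5, 500.0],  # small baseline; last sample is the flood
}
SAMPLE_OFFERED = {"web": 8.0, "dns": 1.0, "flood": 500.0}
SAMPLE_CHAIN = [("core", 1000.0), ("edge", 100.0), ("victim", 10.0)]


def run_sample():
    typical = estimate_typical(SAMPLE_HISTORY)
    final, caps = backward_throttle(SAMPLE_CHAIN, SAMPLE_OFFERED, typical)
    return typical, final, drops_by_node(SAMPLE_CHAIN, SAMPLE_OFFERED, caps)


if __name__ == "__main__":
    typical, final, drops = run_sample()
    print("baseline:", typical)
    print("delivered at victim:", final)
    for name, d in drops.items():
        print(f"dropped at {name}:", d)
```

In the sample the victim link (10 Mbit/s) is flooded with 500 Mbit/s; the web and DNS flows keep their full baseline, the flood is capped at its baseline plus the unused remainder, and the 499 Mbit/s of excess is discarded at the core node rather than on the congested victim link, which is the point of propagating the request backward.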

The talk is based on the following papers:

Moti Geva and Amir Herzberg, "QoSoDoS: If You Can't Beat Them, Join Them!", in Proc. 30th IEEE International Conference on Computer Communications (INFOCOM 2011), Shanghai, P.R. China, 2011.

Yehushua Gev, Moti Geva and Amir Herzberg, "Backward Traffic Throttling to Mitigate Bandwidth Floods", to appear in Proc. Globecom 2012, Communication and Information System Security Symposium (GC12 CISS), Anaheim, CA, USA, 2012.

Speaker Biography: Moti Geva is a PhD candidate at Bar Ilan University, Ramat-Gan, Israel. His doctoral research (2008 - current) is conducted under the supervision of Prof. Amir Herzberg. He received his MSc in computer science from Bar Ilan University in 2006, and his BSc in Software Engineering from the Jerusalem College of Technology, Jerusalem, in 2002. Between 2002 and 2008 he was involved in advanced research and development at the Israeli Defence Forces, where he served as Group Leader, Team Leader and System Engineer. His research focuses on networking, security and operating systems.