Thursday, January 28, 2016
SPEAKER: Min Suk Kang, CMU
TITLE: Non-traditional DDoS Attacks Against the Internet Infrastructure: Attack Strategies, Exploitable Vulnerabilities, and Potential Defenses
In this presentation, I review recent results regarding non-traditional DDoS attacks and potential defense mechanisms. First, I review a non-traditional type of link-flooding attack, called the Crossfire attack, which targets and floods a set of network links in core Internet infrastructure, such as backbone links in large ISP networks. Using Internet-scale measurements and simulations, I show that the attack can cause huge connectivity losses to cities, states, or even countries for hours or even days. Second, I introduce the notion of routing bottlenecks, or small sets of network links that carry the vast majority of Internet routes, and show that it is a fundamental property of Internet design; i.e., it is a consequence of route-cost minimizations. I also illustrate the pervasiveness of routing bottlenecks around the world, and measure their susceptibility to the Crossfire attack. Finally, I explore the possibility of building a practical defense mechanism that effectively removes the advantages of DDoS adversaries and deters them from launching attacks. The proposed defense mechanism utilizes a software-defined networking (SDN) architecture to protect large ISP networks from non-traditional DDoS attacks.