Security '05 Paper   
Empirical Study of Tolerating Denial-of-Service Attacks with a Proxy Network

Ju Wang, Xin Liu and Andrew A. Chien
Department of Computer Science and Engineering and Center for Networked Systems
jwang@cs.ucsd.edu, xinliu@cs.ucsd.edu, achien@ucsd.edu

Abstract

Proxy networks have been proposed to protect applications from Denial-of-Service (DoS) attacks. However, since large-scale study in real networks is infeasible and most previous simulations have failed to capture detailed network behavior, the DoS resilience and performance implications of such use are not well understood in large networks. While post-mortems of actual large-scale attacks are useful, only limited dynamic behavior can be understood from these single instances. Our work provides the first detailed and broad study of this problem in large-scale realistic networks. The key is that we use an online network simulator to simulate a realistic large-scale network (comparable to several large ISPs). We use a generic proxy network and deploy it in a large simulated network, using typical real applications and DoS tools directly. We study detailed system dynamics under various attack scenarios and proxy network configurations. Specific results are as follows. First, rather than incurring a performance penalty, proxy networks can improve users' experienced performance. Second, proxy networks can effectively mitigate the impact of both spread and concentrated large-scale DoS attacks in large networks. Third, proxy networks provide scalable DoS-resilience: resilience can be scaled up to meet the size of the attack, enabling application performance to be protected. Resilience increases almost linearly with the size of a proxy network; that is, the attack traffic that a given proxy network can resist, while preserving a particular level of application performance, grows almost linearly with proxy network size. These results provide empirical evidence that proxy networks can be used to tolerate DoS attacks and quantitative guidelines for designing a proxy network to meet a resilience goal.
1 Introduction
Denial-of-Service (DoS) attacks continue to be a key threat to Internet applications. In such attacks, especially distributed DoS attacks, a set of attackers generates a huge amount of traffic, saturating the victim's network and causing significant damage. Overlay networks [1] have been proposed to protect applications against such DoS attacks [1-7]. These overlay networks are also known as proxy networks [6, 8]. The key idea is to hide the application behind a proxy network, using the proxy network to mediate all communication between users and the application, thereby preventing direct attacks on the application.

Realistic study of these approaches should involve large networks, real applications, and real attacks. To date, however, studies of these approaches have been limited to theoretical analysis and small-scale experiments [1-7], which cannot capture the complex system dynamics of a DoS attack: packet drops, router queues, and the temporal and feedback behavior of network and application protocols. These factors are critical to application and proxy network performance in the face of DoS attacks. Thus, we still do not have answers to many key questions about the viability and properties of these proxy approaches. Specifically, with real complex network structures and protocol behavior, can proxy networks tolerate DoS attacks? If so, what are the key parameters for achieving effective and efficient resilience? If we use proxy networks, what are the performance implications for applications?

Our approach exploits the recent availability of a detailed large-scale online network simulator, MicroGrid [9, 10], to study proxy networks with real applications and real DoS attacks. MicroGrid supports detailed packet-level simulation of large networks and the use of unmodified applications. With MicroGrid, we are able to make detailed performance studies in large network environments with complex, typical application packages and real attack software.
Our studies include networks with up to 10,000 routers and 40 Autonomous Systems (ASes) with a physical extent comparable to the North American continent. We believe this is the first empirical study of proxy networks for DoS resilience at large scale, using real attacks, in a realistic environment. Our experiments explore a range of network sizes, proxy network configurations, attack parameters, and application characteristics. The key results are summarized below:

· Rather than incurring a performance penalty, proxy networks can improve users' experienced performance, reducing latency and increasing delivered bandwidth. The intuition that indirection reduces performance turns out to be incorrect, as the improved TCP performance more than compensates.

· Proxy networks can effectively mitigate the impact of both spread and concentrated large-scale DoS attacks in large network environments. Our experiments show that a 192-node proxy network with 64 edge proxies (each connected by a 100Mbps uplink, i.e. 6.4Gbps of aggregate edge uplink capacity) can successfully resist a range of large-scale distributed DoS attacks with up to 6.0Gbps of aggregated traffic and different attack load distributions; most users (>90%) do not experience significant performance degradation under these attack scenarios.

· Proxy networks provide scalable DoS-resilience: resilience can be scaled up to meet the size of the attack, enabling application performance to be protected. Resilience increases almost linearly with the size of a proxy network; that is, the attack traffic that a given proxy network can resist, while preserving a particular level of application performance, grows almost linearly with proxy network size.

These results provide empirical evidence that proxy networks can be used to tolerate DoS attacks and quantitative guidelines for designing a proxy network to meet a resilience goal. Our main contributions are the following.
First, we provide the first large-scale empirical study of the DoS resilience of proxy networks using real applications and real attacks; this is a qualitative advance over previous studies based on theoretical models and small-scale experiments. Second, we provide the first set of empirical evidence, in a large-scale network environment, that proxy networks have effective and scalable resilience against DoS attacks. Third, we provide a detailed performance analysis of proxy networks in a large-scale network environment, and show that, contrary to intuition, proxy networks can improve user-experienced performance.

The remainder of the paper is organized as follows. Section 2 provides background on the DoS problem and the proxy network approach. Section 3 defines the problem and describes our approach. Section 4 briefly describes the MicroGrid simulation environment, which provides the new capabilities enabling this research. Section 5 presents results and analysis. Section 6 discusses the implications of our studies and relates our work to previous work. Section 7 summarizes the results and discusses directions for future work.

2 Background
We briefly describe the applications of concern and the denial-of-service attacks that we study in this paper. Then, we describe the proxy network-based DoS defense scheme.

2.1 Internet Applications & Denial-of-Service Attacks