Temporal CDN-Convex Lens: A CDN-Assisted Practical Pulsing DDoS Attack


Run Guo, Tsinghua University; Jianjun Chen, Tsinghua University and Zhongguancun Laboratory; Yihang Wang and Keran Mu, Tsinghua University; Baojun Liu, Tsinghua University and Zhongguancun Laboratory; Xiang Li, Tsinghua University; Chao Zhang, Tsinghua University and Zhongguancun Laboratory; Haixin Duan, Tsinghua University and Zhongguancun Laboratory and QI-ANXIN Technology Research Institute; Jianping Wu, Tsinghua University and Zhongguancun Laboratory


As one cornerstone of Internet infrastructure, Content Delivery Networks (CDNs) work as a globally distributed proxy platform between clients and websites, providing the functionalities of speeding up content delivery, offloading web traffic, and DDoS protection. In this paper, however, we reveal that inherent nature of CDN forwarding network can be exploited to compromise service availability.

We present a new class of pulsing denial of service attacks, named CDN-Convex attack. We explore the possibility of exploiting the CDN infrastructure as a converging lens, and concentrating low-rate attacking requests into short, high-bandwidth pulse waves, resulting in a pulsing DoS attack to saturate the targeted TCP services periodically. Through real-world experiments on five leading CDN vendors, we demonstrate that CDN-Convex is practical and flexible. We show that attackers can use it to achieve peak bandwidths over 1000 times greater than their upload bandwidth, seriously degrading the performance and availability of target services. Following the responsible disclosure policy, we have reported our attack details to all affected CDN vendors and proposed possible mitigation solutions.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {287356,
author = {Run Guo and Jianjun Chen and Yihang Wang and Keran Mu and Baojun Liu and Xiang Li and Chao Zhang and Haixin Duan and Jianping Wu},
title = {Temporal {CDN-Convex} Lens: A {CDN-Assisted} Practical Pulsing {DDoS} Attack},
booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
year = {2023},
isbn = {978-1-939133-37-3},
address = {Anaheim, CA},
pages = {6185--6202},
url = {https://www.usenix.org/conference/usenixsecurity23/presentation/guo-run},
publisher = {USENIX Association},
month = aug

Presentation Video