NSDI '08 Abstract
Pp. 4558 of the Proceedings
Phalanx: Withstanding Multimillion-Node Botnets
Colin Dixon, Thomas Anderson, and Arvind Krishnamurthy, University of Washington
Large-scale distributed denial of service (DoS) attacks are an
unfortunate everyday reality on the Internet. They are simple to
execute and with the growing prevalence and size of botnets more
effective than ever. Although much progress has been made in developing
techniques to address DoS attacks, no existing solution is unilaterally
deployable, works with the Internet model of open access and dynamic
routes, and copes with the large numbers of attackers typical of
In this paper, we present a novel DoS prevention scheme to address these issues.
Our goal is to define a system that could be deployed in the next few years
to address the danger from present-day massive botnets.
The system, called Phalanx,
leverages the power of swarms to combat DoS.
Phalanx makes only the modest assumption that the aggregate capacity
of the swarm exceeds that of the botnet. A client communicating with a
destination bounces its packets through a random sequence of end-host
mailboxes; because an attacker doesn't know the sequence, they can
disrupt at most only a fraction of the traffic, even for end-hosts with
low bandwidth access links. We use PlanetLab to show that this approach
can be both efficient and capable of withstanding attack. We further
explore scalability with a simulator running experiments on top of
measured Internet topologies.
- View the full text of this paper in HTML and PDF. Listen to the presentation in
The Proceedings are published as a collective work, © 2008 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.