TY - JOUR
T1 - When mice devour the elephants
T2 - A DDoS attack against size-based scheduling schemes in the internet
AU - Serwadda, Abdul
AU - Phoha, Vir V.
PY - 2015/6/12
Y1 - 2015/6/12
N2 - Abstract Size-based scheduling (SBS) has been shown to offer significant performance improvement in Web servers and routers. However, most of the performance benefits offered by SBS rely on the premise that the scheduler will interact with a "well behaved" heavy tailed job size distribution. In this paper we design an attack that degrades the performance of an SBS scheduler by subjecting it to a job size distribution which violates the core traffic properties from which SBS derives its strengths. Through theoretical work and a wide range of experiments, we demonstrate the lethality of the attack against routers that use SBS. Additionally, we cite evidence that indicates why the tools and practical manoeuvres required to carry out the attack on a live network are within the reach of adversaries. As flavors of SBS begin to grace the Internet, the paper provides a timely cautionary note on the challenges that SBS could face if widely deployed without specialized defense mechanisms.
AB - Abstract Size-based scheduling (SBS) has been shown to offer significant performance improvement in Web servers and routers. However, most of the performance benefits offered by SBS rely on the premise that the scheduler will interact with a "well behaved" heavy tailed job size distribution. In this paper we design an attack that degrades the performance of an SBS scheduler by subjecting it to a job size distribution which violates the core traffic properties from which SBS derives its strengths. Through theoretical work and a wide range of experiments, we demonstrate the lethality of the attack against routers that use SBS. Additionally, we cite evidence that indicates why the tools and practical manoeuvres required to carry out the attack on a live network are within the reach of adversaries. As flavors of SBS begin to grace the Internet, the paper provides a timely cautionary note on the challenges that SBS could face if widely deployed without specialized defense mechanisms.
KW - Denial of service (DoS) attacks
KW - Network security
KW - Scheduling
KW - Simulation
KW - ns2
UR - http://www.scopus.com/inward/record.url?scp=84930942092&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84930942092&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2015.04.014
DO - 10.1016/j.cose.2015.04.014
M3 - Article
AN - SCOPUS:84930942092
SN - 0167-4048
VL - 53
SP - 31
EP - 43
JO - Computers and Security
JF - Computers and Security
M1 - 901
ER -