Yo-Yo Attack: DDoS Attack on Cloud Auto-scaling Mechanisms

Uploaded On 2020-06-25


Supported by ERC starting grant. IEEE INFOCOM 2017, Atlanta, GA, USA. Mor Sides, Anat Bremler-Barr, Eli Brosh, Interdisciplinary Center, Herzliya, Israel.



Presentation Transcript

Slide1

Yo-Yo Attack : DDoS Attack on Cloud Auto-scaling Mechanisms

Supported by ERC starting grant.

IEEE INFOCOM 2017, Atlanta, GA, USA

Mor Sides, Anat Bremler-Barr, Eli Brosh

Interdisciplinary Center, Herzliya, Israel

Slide2

Distributed Denial of Service

DDoS creates overload and performance degradation

Slide3

Cloud as a DDoS solution

Common belief: the cloud is a solution (auto-scaling)

Auto-scaling: the ability to add machines to cope with the overload

#2 in AWS best practices for DDoS resiliency

No performance degradation → economic damage

Economic Denial of Sustainability attack (EDoS)

[Figure: VM 1, VM 2, VM 3, VM 4]

Slide4

We show: Auto-scaling (Cloud) is not a DDoS solution

An attacker can perform an attack on the auto-scaling mechanism

Yo-Yo attack: specially crafted waves of DDoS

Nowadays it is very common to be attacked by waves of DDoS

[Figure: VM 1, VM 2, VM 3, VM 4]

Slide5

We show: Auto-scaling (Cloud) is not a DDoS solution

An attacker can perform an attack on the auto-scaling mechanism

Yo-Yo attack: specially crafted waves of DDoS

Nowadays it is very common to be attacked by waves of DDoS

Economic damage and performance degradation

Harder to detect and requires fewer resources from the attacker

[Figure: VM 1, VM 2, VM 3, VM 4]

Slide6

Agenda

Auto scaling overview

Analysis of Yo-Yo Attack

Detecting system state

Defense Strategies

Conclusions

Slide7

Auto Scaling mechanism

The user configures auto-scaling rules (scale-up and scale-down separately):

If the threshold is exceeded for the duration of the scale interval, then perform the action

Threshold: CPU utilization, BW

Scale interval: threshold interval (for scale-up and scale-down)

Action: scale-up or scale-down

Example: if CPU utilization is above 50% for 1 minute, then perform a scale-up → add one machine

Slide8

Discrete / Adaptive auto-scaling

Discrete – the number of machines to increase or decrease is fixed.

Adaptive – the number of machines to increase or decrease is adaptive to the system load.

Google – has only adaptive auto-scaling.

Slide9

Warming time of a machine

Given by the system infrastructure

Warming time of a scale-up – the time until the machine is ready to function:

The VM runs with the relevant software and state

1-13 minutes [Mao 2012]

Warming time of a scale-down – the time until the machine is closed and all its resources are released

Backup, moving states.

Slide10

Yo-Yo attack

The attacker repeatedly oscillates between the two phases:

On-attack phase: sends a burst of traffic → scale-up. Several minutes.

Off-attack phase: stops sending the excess traffic → scale-down

Start the off-attack phase when the attacker detects that the scale-up has occurred and ended.

Repeat when the attacker detects that the scale-down has occurred and ended.

Slide11

Use case analysis:

Parameter: Value

Requests: 10,000 requests per min

Machines: 10

Scale-up / scale-down interval: 1 minute

Warming up / warming down: 2 minutes

Power of attack (extra load): 200%

Slide12

Yo-Yo Attack on Discrete Scaling

[Figure panels: Economic Damage; Performance Damage]

Slide13

Use case analysis: with extra peak load of 200%

Economic Damage | Performance Damage | Cost of attack | System

0 | 200% extra load | 100% active | DDoS traditional

200% cost of cloud | 0 | 100% active | DDoS with Auto-Scaling

Avg. 100% cost of cloud | Avg. 30% extra load | 50% active | Yo-Yo Attack on Discrete System

Slide14

Yo-Yo attack on Adaptive Scaling

[Figure labels: Scale-up Interval; Warming scale up; Economic Damage; Performance Damage]

Slide15

Analysis of use case

Economic Damage | Performance Damage | Cost of attack | System

0 | 200% extra load | 100% active | DDoS traditional

200% cost of cloud | 0 | 100% active | DDoS with Auto-Scaling

Avg. 100% cost of cloud | Avg. 30% extra load | 50% active | Yo-Yo Attack on Discrete System

Avg. 166% cost of cloud | Avg. 100% extra load | 50% active | Yo-Yo Attack on Adaptive System

Outcomes:

Adaptive is more vulnerable than discrete policy

Performance damage and economic damage

Less cost to the attacker, harder to detect

Slide16

Adaptive is more vulnerable than discrete policy

[Figure panels: Economic Damage; Performance Damage]

Slide17

Experimental Results on Amazon: Discrete auto-scaling


Slide18

Experimental Results on Amazon: Adaptive auto-scaling


Slide19

Detecting System State

Attacker: when to oscillate between on-attack and off-attack?

Sending probe requests and checking the response time.

Rule of thumb:

> 1 sec → scale-up process has not ended.

< 1 sec → scale-down process has not ended.

Slide20

Defense strategies from Yo-Yo attack

Tradeoff: what do you agree to compromise on?

Resource limitation

Scale up early – scale down slowly

Performance

Cost
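The performance/cost tradeoff between these defenses can be checked with a small capacity model. This is an added example, not code from the presentation. It takes the use-case slide's figures (10,000 requests/min, 10 machines, 1-minute scale interval, 2-minute warming, 200% extra load) and assumes the rest: 1,000 requests/min per machine, a rule that fires when load exceeds capacity, a constructed 5-minutes-on / 5-minutes-off load trace, a 6-minute scale-down interval, a 15-machine cap, and no warm-down time.

```python
import math

CAP = 1000           # requests/min one machine serves (assumed)
BASE_LOAD = 10_000   # requests/min (use-case slide)
MIN_MACHINES = 10    # machines at normal load (use-case slide)
WARM = 2             # minutes of warming (use-case slide)

def square_wave(minutes, on, off, extra=2.0):
    """Constructed trace: `on` minutes at +200% load, then `off` minutes at base load."""
    peak = int(BASE_LOAD * (1 + extra))
    return [peak if t % (on + off) < on else BASE_LOAD for t in range(minutes)]

def simulate(load, up_interval=1, down_interval=1, max_machines=None):
    """Return (billed machine-minutes, requests over capacity) for an adaptive scaler."""
    active, pending = MIN_MACHINES, []   # pending: (ready_minute, count)
    above = below = billed = dropped = 0
    for t, reqs in enumerate(load):
        active += sum(c for ready, c in pending if ready <= t)
        pending = [(ready, c) for ready, c in pending if ready > t]
        warming = sum(c for _, c in pending)
        billed += active + warming               # warming machines already cost money
        dropped += max(0, reqs - active * CAP)
        need = max(MIN_MACHINES, math.ceil(reqs / CAP))
        if max_machines is not None:
            need = min(need, max_machines)       # resource limitation
        above = above + 1 if need > active + warming else 0
        below = below + 1 if need < active else 0
        if above >= up_interval:                 # scale-up rule fired
            pending.append((t + 1 + WARM, need - active - warming))
            above = 0
        if below >= down_interval:               # scale-down rule fired
            active, below = need, 0
    return billed, dropped

def compare(minutes=60, on=5, off=5):
    load = square_wave(minutes, on, off)
    return {
        "symmetric (1 min up / 1 min down)": simulate(load),
        "scale down slowly (6 min)": simulate(load, down_interval=6),
        "resource limit (15 machines)": simulate(load, max_machines=15),
    }

if __name__ == "__main__":
    for name, (billed, dropped) in compare().items():
        print(f"{name:36s} machine-minutes={billed:5d} over-capacity requests={dropped}")
```

For reference, the same hour without any extra load bills 600 machine-minutes, so each policy's cost can be read as a multiple of that baseline.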

Slide21

Conclusion

Auto scaling (and cloud) is not a remedy for DDoS

Addresses peak hours problem, not DDoS problem

Need of DDoS scrubber that copes with Yo-Yo attack

“Auto scaling is a very powerful tool, but it can also be a double-edged sword. Without the proper configuration and testing it can do more harm than good” [Netflix blog]

Slide22

Questions

Questions?
