Slide1
Yo-Yo Attack : DDoS Attack on Cloud Auto-scaling Mechanisms
Supported by ERC starting grant.
IEEE INFOCOM 2017, Atlanta, GA, USA
Mor Sides, Anat Bremler-Barr, Eli Brosh
Interdisciplinary Center, Herzliya, Israel
Slide2
Distributed Denial of Service
DDoS creates
  overload
  performance degradation
Slide3
Cloud as a DDoS solution
Common belief: the cloud is a solution (auto-scaling)
Auto-scaling: the ability to add machines to cope with the overload
#2 in AWS best practices for DDoS resiliency
No performance degradation
Economic damage: Economic Denial of Sustainability attack (EDoS)
[Figure: VM 1, VM 2, VM 3, VM 4]
Slide4
We show: Auto-scaling (Cloud) is not a DDoS solution
An attacker can perform an attack on the auto-scaling mechanism
Yo-Yo attack: specially crafted waves of DDoS
Nowadays it is very common to be attacked by waves of DDoS
[Figure: VM 1, VM 2, VM 3, VM 4]
Slide5
We show: Auto-scaling (Cloud) is not a DDoS solution
An attacker can perform an attack on the auto-scaling mechanism
Yo-Yo attack: specially crafted waves of DDoS
Nowadays it is very common to be attacked by waves of DDoS
Economic damage & performance degradation
Harder to detect & requires fewer resources from the attacker
[Figure: VM 1, VM 2, VM 3, VM 4]
Slide6
Agenda
Auto scaling overview
Analysis of Yo-Yo Attack
Detecting system state
Defense Strategies
Conclusions
Slide7
Auto Scaling mechanism
User configures auto-scaling rules (scale-up and scale-down separately):
If the threshold is exceeded for the duration of the scale interval, then perform the action
  Threshold: CPU utilization, BW
  Scale interval: threshold interval (for scale-up and scale-down)
  Action: scale-up or scale-down
Example: if CPU utilization is above 50% for 1 minute, then perform a scale-up (add one machine)
Slide8
Discrete / Adaptive auto-scaling
Discrete: the number of machines to increase or decrease is fixed.
Adaptive: the number of machines to increase or decrease adapts to the system load.
Google has only adaptive auto-scaling.
Slide9
Warming time of a machine
Given by the system infrastructure
Warming time of a scale-up: the time until the machine is ready to function
  The VM runs with the relevant software and state
  1-13 minutes [Mao 2012]
Warming time of a scale-down: the time until the machine is closed and all its resources are released
  Backup, moving states
Slide10
Yo-Yo attack
The attacker repeatedly oscillates between the two phases:
On-attack phase: sends a burst of traffic → scale-up
  Several minutes.
Off-attack phase: stops sending the excess traffic → scale-down
Start the off-attack phase when the attacker detects that the scale-up has occurred and ended.
Repeat when the attacker detects that the scale-down has occurred and ended.
Slide11
Use case analysis:
Parameter | Value
Requests | 10,000 requests per min
Machines | 10
Scale-up / scale-down interval | 1 minute
Warming up / warming down | 2 minutes
Power of attack (extra load) | 200%
Slide12
Yo-Yo Attack on Discrete Scaling
[Figure panels: Economic Damage, Performance Damage]
Slide13
Use case analysis: with extra peak load of 200%
System | Cost of attack | Economic damage | Performance damage
DDoS traditional | active 100% | 0 | 200% extra load
DDoS with Auto-Scaling | 100% active | 200% cost of cloud | 0
Yo-Yo Attack on Discrete System | 50% active | Avg. 100% cost of cloud | Avg. 30% extra load
Slide14
Yo-Yo attack on Adaptive Scaling
[Figure labels: Scale-up interval, Warming scale-up; panels: Economic Damage, Performance Damage]
Slide15
Analysis of use case
System | Cost of attack | Economic damage | Performance damage
DDoS traditional | active 100% | 0 | 200% extra load
DDoS with Auto-Scaling | 100% active | 200% cost of cloud | 0
Yo-Yo Attack on Discrete System | 50% active | Avg. 100% cost of cloud | Avg. 30% extra load
Yo-Yo attack on Adaptive System | 50% active | Avg. 166% cost of cloud | Avg. 100% extra load
Outcomes:
  Adaptive is more vulnerable than discrete policy
  Performance damage and economic damage
  Less cost to the attacker, harder to detect
Slide16
Adaptive is more vulnerable than discrete policy
[Figure panels: Economic Damage, Performance Damage]
Slide17
Experimental Results on Amazon: Discrete auto-scaling
Slide18
Experimental Results on Amazon: Adaptive auto-scaling
Slide19
Detecting System State
Attacker: when to oscillate between on-attack and off-attack?
Sending probe requests and checking the response time.
Rule of thumb:
  > 1 sec: scale-up process has not ended.
  < 1 sec: scale-down process has not ended.
Slide20
Defense strategies from Yo-Yo attack
Tradeoff: what do you agree to compromise on?
Resource limitation
Scale up early, scale down slowly
[Figure labels: Performance, Cost]
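An added example, not part of the original slides: a minute-by-minute model of a discrete auto-scaler under periodic load waves, comparing the two defense strategies above on cost and overload. It uses the use-case figures from Slide11; the per-machine capacity, thresholds, step size, wave timing and the three policies are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Use-case figures from the slides; CAP (requests/min one machine can
# serve) and both thresholds below are assumptions.
BASE_LOAD, BASE_MACHINES, EXTRA_PCT, WARM, CAP = 10_000, 10, 200, 2, 2_000

@dataclass
class Policy:
    up_interval: int = 1     # minutes above up_thr before a scale-up
    down_interval: int = 1   # minutes below down_thr before a scale-down
    step: int = 5            # discrete scaling: machines per action (assumed)
    max_machines: int = 100  # resource limitation
    up_thr: float = 0.8
    down_thr: float = 0.4

def wave_load(minutes, on=10, off=10):  # constructed input: periodic bursts
    peak = BASE_LOAD * (100 + EXTRA_PCT) // 100
    return [peak if t % (on + off) < on else BASE_LOAD for t in range(minutes)]

def simulate(policy, load):
    """Return (extra machine-minutes billed, requests above capacity)."""
    active, pending = BASE_MACHINES, []  # pending: (ready_minute, count)
    hot = cold = cost = overload = 0
    for t, demand in enumerate(load):
        active += sum(n for ready, n in pending if ready <= t)
        pending = [(r, n) for r, n in pending if r > t]
        cost += active + sum(n for _, n in pending) - BASE_MACHINES
        overload += max(0, demand - active * CAP)
        util = demand / (active * CAP)
        hot = hot + 1 if util > policy.up_thr else 0
        cold = cold + 1 if util < policy.down_thr else 0
        if hot >= policy.up_interval and not pending:
            n = min(policy.step, policy.max_machines - active)
            if n > 0:
                pending.append((t + 1 + WARM, n))  # billed while warming
            hot = 0
        elif cold >= policy.down_interval and active > BASE_MACHINES:
            active -= min(policy.step, active - BASE_MACHINES)
            cold = 0
    return cost, overload

def compare(minutes=60):
    load = wave_load(minutes)
    policies = {"fast scale-down": Policy(),
                "slow scale-down": Policy(down_interval=15),
                "machine cap 12": Policy(max_machines=12)}
    return {name: simulate(p, load) for name, p in policies.items()}

if __name__ == "__main__":
    print(compare())
```

Under these assumptions, scaling down slowly pays more machine-minutes but absorbs every wave after the first, while the machine cap bounds cost and leaves each wave overloaded: the performance/cost tradeoff named on the slide.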
Slide21
Conclusion
Auto-scaling (and cloud) is not a remedy for DDoS
Addresses the peak-hours problem, not the DDoS problem
Need for a DDoS scrubber that copes with the Yo-Yo attack
“Auto scaling is a very powerful tool, but it can also be a double-edged sword. Without the proper configuration and testing it can do more harm than good” [Netflix blog]
Slide22
Questions?