Published by Camron Parsons. Modified over 6 years ago.
1
Yo-Yo Attack : DDoS Attack on Cloud Auto-scaling Mechanisms
Mor Sides, Anat Bremler-Barr, Eli Brosh
Interdisciplinary Center, Herzliya, Israel
Supported by ERC starting grant.
IEEE INFOCOM 2017, Atlanta, GA, USA
2
Distributed Denial of Service
DDoS creates overload, leading to performance degradation
3
Cloud as a DDoS solution
Common belief: the cloud is a solution (auto-scaling)
Auto-scaling: the ability to add machines to cope with the overload
#2 in AWS best practices for DDoS Resiliency
No performance degradation
Economic damage: Economic Denial of Sustainability attack (EDoS)
[Figure: VM 1, VM 2, VM 3, VM 4]
5
We show: Auto-scaling (Cloud) is not a DDoS solution
The attacker can perform an attack on the auto-scaling mechanism
Yo-Yo attack: specially crafted waves of DDoS
Nowadays it is very common to be attacked by waves of DDoS
Economic damage and performance degradation
Harder to detect and requires fewer resources from the attacker
[Figure: VM 1, VM 2, VM 3, VM 4]
6
Agenda
Auto scaling overview
Analysis of Yo-Yo Attack
Detecting system state
Defense Strategies
Conclusions
7
Auto Scaling mechanism
User configures auto-scaling rules (scale-up and scale-down separately): if the threshold is exceeded for the duration of the scale interval, then perform the action.
Threshold: CPU utilization, BW
Scale interval: threshold interval (for scale-up and scale-down)
Action: scale-up or scale-down
Example: if CPU utilization is above 50% for 1 minute, then perform a scale-up (add one machine).
8
Discrete / Adaptive auto-scaling
Discrete – the number of machines to increase or decrease is fixed.
Adaptive – the number of machines to increase or decrease is adaptive to the system load.
Google – has only adaptive auto-scaling.
9
Warming time of a machine
Given by the system infrastructure.
Warming time of a scale-up – the time until the machine is ready to function: the VM runs with the relevant software and state. 1-13 minutes [Mao 2012].
Warming time of a scale-down – the time until the machine is closed and all its resources are released: backup, moving states.
10
Yo-Yo attack
The attacker repeatedly oscillates between two phases:
On-attack phase: sends a burst of traffic, causing a scale-up. Several minutes.
Off-attack phase: stops sending the excess traffic, causing a scale-down.
The off-attack phase starts when the attacker detects that the scale-up has occurred and ended.
The cycle repeats when the attacker detects that the scale-down has occurred and ended.
11
Use case analysis:
Parameter | Value
Requests | 10,000 requests per min
Machines | 10
Scale up / Scale down interval | 1 minute
Warming up / Warming down | 2 minutes
Power of attack (extra load) | 200%
12
Yo-Yo Attack on Discrete Scaling
[Figure: panels "Economic Damage" and "Performance Damage"]
13
Use case analysis:
System | Cost of attack | Performance Damage | Economic Damage
DDoS traditional | 100% active | 200% extra load | -
DDoS with Auto-Scaling | 100% active | - | 200% cost of cloud
Yo-Yo Attack on Discrete System | 50% active | Avg. 30% extra load | Avg. 100% cost of cloud
With extra peak load of 200%
14
Yo-Yo attack on Adaptive Scaling
[Figure: panels "Economic Damage" and "Performance Damage"; labels "Scale-up Interval" and "Warming scale up"]
15
Analysis of use case
System | Cost of attack | Performance Damage | Economic Damage
DDoS traditional | 100% active | 200% extra load | -
DDoS with Auto-Scaling | 100% active | - | 200% cost of cloud
Yo-Yo Attack on Discrete System | 50% active | Avg. 30% extra load | Avg. 100% cost of cloud
Yo-Yo attack on Adaptive System | 50% active | Avg. 100% extra load | Avg. 166% cost of cloud
Outcomes:
Adaptive is more vulnerable than discrete policy
Performance damage and economic damage
Less cost to the attacker, harder to detect
16
Adaptive is more vulnerable than discrete policy
[Figure: panels "Economic Damage" and "Performance Damage"]
17
Experimental Results on Amazon: Discrete auto-scaling
18
Experimental Results on Amazon: Adaptive auto-scaling
19
Detecting System State
Attacker: when to oscillate between on-attack and off-attack?
Sending probe requests and checking the response time.
Rule of thumb:
Response time > 1 sec: scale-up process has not ended.
Response time < 1 sec: scale-down process has not ended.
20
Defense strategies from Yo-Yo attack
Tradeoff: what do you agree to compromise on?
Performance
Cost
Resource limitation
Scale up early – scale down slowly
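The cost/performance trade-off behind "scale up early, scale down slowly", as an added example that is not part of the original slides: a minute-by-minute simulation of a discrete auto-scaling rule fed a constructed bursty load trace, comparing a 1-minute and a 15-minute scale-down interval. The 10 machines, 10,000 requests per minute, 1-minute scale-up interval, 2-minute warming time and 200% extra load come from the use-case slide; the per-machine capacity, the 70%/40% thresholds, the step of 4 machines and the burst timing are assumptions, and the warming time of a scale-down is not modelled.

```python
from dataclasses import dataclass

CAP = 2000  # assumed capacity of one machine, requests per minute

@dataclass
class Policy:
    up_thr: float = 0.7     # assumed: scale up when utilisation is above this
    down_thr: float = 0.4   # assumed: scale down when utilisation is below this
    up_interval: int = 1    # minutes the scale-up threshold must hold
    down_interval: int = 1  # minutes the scale-down threshold must hold
    step: int = 4           # assumed: machines added or removed per action
    warm: int = 2           # warming time of a scale-up, minutes
    floor: int = 10         # baseline number of machines

def burst_trace(cycles=3, on=10, off=10, lead=5, base=10_000, extra=2.0):
    """Constructed per-minute load: baseline with periodic bursts of +200%."""
    burst = int(base * (1 + extra))
    return [base] * lead + ([burst] * on + [base] * off) * cycles

def simulate(load, p):
    """Return (machine_minutes, overloaded_minutes) for a per-minute load trace."""
    active, warming, timer = p.floor, 0, 0
    above = below = cost = overloaded = 0
    for req in load:
        if warming:
            timer -= 1
            if timer == 0:            # warming finished, machines start serving
                active, warming = active + warming, 0
        util = req / (active * CAP)
        cost += active + warming      # warming machines are billed but serve nothing
        overloaded += util > 1.0      # demand exceeds what serving machines can handle
        above = above + 1 if util > p.up_thr else 0
        below = below + 1 if util < p.down_thr else 0
        if above >= p.up_interval and not warming:
            warming, timer, above = p.step, p.warm, 0
        elif below >= p.down_interval and active > p.floor and not warming:
            active, below = max(p.floor, active - p.step), 0
    return cost, overloaded

def compare():
    trace = burst_trace()
    return {"fast scale-down": simulate(trace, Policy(down_interval=1)),
            "slow scale-down": simulate(trace, Policy(down_interval=15))}

if __name__ == "__main__":
    for name, (cost, over) in compare().items():
        print(f"{name}: {cost} machine-minutes, {over} overloaded minutes")
```

Under these assumptions the slow scale-down policy is overloaded only during the first burst but pays for the extra machines throughout, which is the compromise between performance and cost that the slide asks about.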
21
Conclusion
Auto-scaling (and cloud) is not a remedy for DDoS
Addresses the peak-hours problem, not the DDoS problem
Need for a DDoS scrubber that copes with the Yo-Yo attack
“Auto scaling is a very powerful tool, but it can also be a double-edged sword. Without the proper configuration and testing it can do more harm than good” [Netflix blog]
22
Questions?