Results 1 - 8 of 8
Reduction of Quality (RoQ) attacks on dynamic load balancers: Vulnerability assessment and design tradeoffs
- in Infocom, 2007
Abstract - Cited by 3 (1 self)
One key adaptation mechanism often deployed in networking and computing systems is dynamic load balancing. The goal of employing dynamic load balancers is to ensure that the offered load is judiciously distributed across resources to optimize the overall performance. To that end, this paper discovers and studies new instances of Reduction of Quality (RoQ) attacks that target the dynamic operation of load balancers. Our exposition is focused on a number of load balancing policies that are either employed in current commercial products or have been proposed in the literature for future deployment. Through queuing theory analysis, numerical solutions, simulations and Internet experiments, we are able to assess the impact of RoQ attacks through the potency metric. We identify the key factors, such as feedback delay and averaging parameters, that expose the trade-offs between resilience and susceptibility to RoQ attacks. These factors could be used to harden load balancers against RoQ attacks. To the best of our knowledge, this work is the first to study adversarial exploits on the dynamic operation of load balancers.
On the Impact of Low-Rate Attacks
- CS Department, Boston University, 2006
Abstract - Cited by 1 (0 self)
Recent research has exposed new breeds of attacks that are capable of denying service or inflicting significant damage to TCP flows without sustaining the attack traffic. Such attacks are often referred to as “low-rate” attacks and they stand in sharp contrast to traditional Denial of Service (DoS) attacks that can completely shut off TCP flows by flooding an Internet link. In this paper, we study the impact of these new breeds of attacks and the extent to which defense mechanisms are capable of mitigating the attack’s impact. By adopting a simple discrete-time model with a single TCP flow and a non-oblivious adversary, we were able to expose new variants of these low-rate attacks that could potentially have high attack potency per attack burst. Our analysis is focused on worst-case scenarios, thus our results should be regarded as upper bounds on the impact of low-rate attacks rather than a real assessment under a specific attack scenario.
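The discrete-time, single-flow model with a non-oblivious adversary that this abstract describes, together with the potency metric the first entry uses to score RoQ attacks, as an added example in Python. It was written for this page and is not code from either paper; the link capacity, queue size, minimum RTO, burst sizes and the simplified potency definition (goodput lost per unit of attacker rate) are assumptions chosen for the illustration.

```python
"""Discrete-time model of a low-rate (shrew) RoQ attack on a single TCP flow.

Added illustration; this is not code from any of the papers listed here.  It
is a deliberately simple model of the kind the Boston University abstract
describes: time advances in rounds of one RTT, the bottleneck forwards
`capacity` packets per round and queues at most `buffer` more, the TCP sender
is an idealised slow-start/AIMD source with a fixed minimum RTO, and the
adversary is non-oblivious in that it knows that RTO and times its bursts to
it.  Every parameter value below is an assumption chosen for the example.
"""
from dataclasses import dataclass


@dataclass
class Link:
    capacity: int  # packets forwarded per round (one RTT)
    buffer: int    # packets that can wait in the bottleneck queue


@dataclass
class Stats:
    goodput: float      # TCP packets delivered per round
    attack_rate: float  # attacker packets sent per round, averaged over the run
    timeouts: int


def simulate(link, rounds, burst_size=0, burst_len=1, period=0, min_rto=10):
    """Run `rounds` RTTs; period=0 means there is no attacker."""
    cwnd, ssthresh = 1, link.capacity
    rto, stall = min_rto, 0
    delivered = attack_sent = timeouts = 0
    for t in range(rounds):
        burst = burst_size if period and t % period < burst_len else 0
        attack_sent += burst
        if stall:                      # sender is waiting out a retransmission timeout
            stall -= 1
            continue
        if burst >= link.capacity + link.buffer:
            # The burst alone saturates link and queue for the whole round, so
            # every packet of the TCP window is dropped.  No duplicate ACKs can
            # arrive, so the sender falls back to a timeout, with the usual
            # exponential backoff for consecutive timeouts.
            timeouts += 1
            stall = max(rto - 1, 0)    # retransmit `rto` rounds after the timeout
            rto = min(rto * 2, 64 * min_rto)
            ssthresh = max(cwnd // 2, 2)
            cwnd = 1
            continue
        rto = min_rto                  # a round that gets through resets the backoff
        if cwnd + burst > link.capacity + link.buffer:
            # Partial loss: fast retransmit halves the window without stalling.
            delivered += max(link.capacity - burst, 0)
            ssthresh = cwnd = max(cwnd // 2, 2)
            continue
        delivered += min(cwnd, link.capacity)
        cwnd = min(cwnd * 2 if cwnd < ssthresh else cwnd + 1,
                   link.capacity + link.buffer)
    return Stats(delivered / rounds, attack_sent / rounds, timeouts)


def potency(link, rounds, **attack):
    """Damage per unit of attack cost: goodput lost per attacker packet/round.

    Simplified form of the RoQ potency metric assumed for this example.
    """
    base = simulate(link, rounds)
    hit = simulate(link, rounds, **attack)
    return (base.goodput - hit.goodput) / hit.attack_rate


LINK = Link(capacity=100, buffer=50)
# Shrew: a 200-packet burst (more than link plus queue) for one RTT, once per min RTO.
SHREW = dict(burst_size=200, burst_len=1, period=10, min_rto=10)
# Brute-force flood that saturates link and queue in every round.
FLOOD = dict(burst_size=150, burst_len=1, period=1, min_rto=10)

if __name__ == "__main__":
    for name, attack in (("none", {}), ("shrew", SHREW), ("flood", FLOOD)):
        s = simulate(LINK, 200, **attack)
        print(f"{name:6s} goodput={s.goodput:7.2f} attack_rate={s.attack_rate:6.1f} "
              f"timeouts={s.timeouts}")
    print(f"potency shrew={potency(LINK, 200, **SHREW):.2f} "
          f"flood={potency(LINK, 200, **FLOOD):.2f}")
```

With these assumed parameters the shrew averages 20 packets per round, a fifth of the link capacity, yet each burst lands exactly on a retransmission and TCP delivers nothing over 200 rounds, so its potency is about 7.5 times that of a flood that costs 150 packets per round. Lowering `burst_size` below the link-plus-queue size moves the model into the fast-retransmit branch and the potency falls sharply, which is the kind of upper-bound comparison the abstract refers to.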
Pulsing RoQ DDoS Attack and Defense Scheme in Mobile Ad Hoc Networks
Abstract - Cited by 1 (0 self)
Reduction of Quality (RoQ) attack is a new style of Distributed Denial of Service (DDoS) attack. The goodput and delay performance of TCP or UDP flows are very sensitive to such RoQ attacks. In this paper, we study in detail congestion-based RoQ DDoS attacks in mobile ad-hoc networks for the first time. Specifically, we study the attacking principles based on analysis of the network capacity and classify these attacks into four categories: pulsing attack, round robin attack, self-whisper attack, and flooding attack. We then propose a defense scheme that includes both detection and response mechanisms. The detection signals include the frequency of receiving RTS/CTS packets, the frequency of sensing a busy channel (signal interference), and the number of RTS/DATA retransmissions. The response scheme is based on the ECN marking mechanism. Through extensive ns2 network simulations, we demonstrate the existence of high goodput and delay jitters under the pulsing attack mode. An increase in delay (by 110 times under five attacking flows) and a decrease in goodput (to 77 % under five attacking flows) can be observed, especially when more attacking flows occur. Moreover, we show through simulations that similar behaviors can also be observed for TCP flows as well as for networks of other topology types.
Reduction of Quality Attacks on Content Adaptation Mechanisms
Abstract
Motivation and Overview of Work: Internet server farms and grid computing architectures employ sophisticated adaptation mechanisms to mitigate overload conditions. Of those widely used are: admission controllers, load balancers and content adaptation controllers. For example, server farms experience performance degradation as more clients connect and submit requests to the servers, and as the number of requests increases, the servers will experience an increased strain on their resources, eventually reaching the point of overload. To prevent and mitigate such overload conditions, one (or more) of the above mechanisms is typically present. This work focuses primarily on content adaptation controllers and their security implications. In a content adaptation setting, the content adaptation controller decides the quality of the content being served, based on the measured load from the servers [1]. Serving degraded
TCP Flow Analysis for Defense against Shrew DDoS Attacks
Abstract
attacks that degrade the QoS to end systems slowly but do not deny the services completely. These attacks are more difficult to detect than the flooding type of DDoS attacks. In this paper, we explore the energy distributions of Internet traffic flows in the frequency domain. Normal TCP traffic flows present some form of periodicity because of TCP protocol behavior. Our results reveal that normal TCP flows can be segregated from malicious flows using some energy distribution properties. We discover the spectral shifting of attack flows from that of normal flows. Combining flow-level spectral analysis with sequential hypothesis testing, we propose a novel defense scheme against shrew DDoS or RoQ (reduction-of-service) attacks. Our detection and filtering scheme can effectively rescue 99 % of legitimate TCP flows under the RoQ attacks.
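The spectral shift this abstract (and the related Collaborative detection and filtering entry) relies on, as an added example in Python written for this page rather than taken from either paper. The two traces are constructed: a TCP flow whose window is ack-clocked at a 100 ms RTT and an attack flow that sends a 100 ms burst once per second, both as packet counts per 10 ms bin. The separating statistic, the frequency below which half of the non-DC spectral energy lies, and the 5 Hz decision threshold are simplifications assumed here; the papers use their own energy-distribution statistics and sequential hypothesis testing.

```python
"""Frequency-domain separation of a shrew (RoQ) flow from a normal TCP flow.

Added illustration; not code from the spectral-analysis papers listed here.
The two traces are constructed: packet counts per 10 ms bin for a TCP flow
whose window is ack-clocked at a 100 ms RTT, and for an attack flow that sends
a 100 ms burst once per second.  The statistic used to separate them, the
frequency below which half of the non-DC spectral energy lies, and the 5 Hz
decision threshold are simplifications assumed for this example; the papers
use their own energy-distribution statistics and sequential hypothesis testing.
"""
import cmath
import math

BIN_SEC = 0.01   # width of one packet-count bin
N_BINS = 500     # 5 s of trace


def pulse_train(period_bins, width_bins, pkts_per_bin, n=N_BINS):
    """Packet counts per bin for a source that sends for `width_bins` bins
    every `period_bins` bins and is silent in between."""
    return [pkts_per_bin if t % period_bins < width_bins else 0 for t in range(n)]


# Constructed traces (not measured data).
NORMAL_TCP = pulse_train(period_bins=10, width_bins=3, pkts_per_bin=8)   # one window per 100 ms RTT
SHREW = pulse_train(period_bins=100, width_bins=10, pkts_per_bin=50)     # 100 ms burst every 1 s


def power_spectrum(series):
    """One-sided energy |X_k|^2 for k = 1 .. n/2 by a plain DFT.

    k = 0 (the average rate) is left out: the mean rate says nothing about
    periodicity and would otherwise dominate the total.
    """
    n = len(series)
    spectrum = []
    for k in range(1, n // 2 + 1):
        xk = sum(v * cmath.exp(-2j * math.pi * k * t / n) for t, v in enumerate(series))
        spectrum.append(abs(xk) ** 2)
    return spectrum


def median_frequency(series, bin_sec=BIN_SEC):
    """Frequency in Hz below which half of the non-DC spectral energy lies."""
    spec = power_spectrum(series)
    duration = len(series) * bin_sec
    half = sum(spec) / 2
    running = 0.0
    for k, energy in enumerate(spec, start=1):
        running += energy
        if running >= half:
            return k / duration          # bin k sits at k / duration Hz
    return len(spec) / duration          # only reached for an all-zero trace


def energy_below(series, hz, bin_sec=BIN_SEC):
    """Fraction of non-DC energy at frequencies <= hz."""
    spec = power_spectrum(series)
    duration = len(series) * bin_sec
    below = sum(e for k, e in enumerate(spec, start=1) if k / duration <= hz)
    return below / sum(spec)


CUTOFF_HZ = 5.0   # assumed threshold: energy concentrated below this looks like a shrew


def is_shrew(series):
    """Flag a flow whose energy sits at burst-period frequencies, not RTT scale."""
    return median_frequency(series) < CUTOFF_HZ


if __name__ == "__main__":
    mix = [a + b for a, b in zip(NORMAL_TCP, SHREW)]
    for name, trace in (("normal TCP", NORMAL_TCP), ("shrew", SHREW), ("mix", mix)):
        print(f"{name:10s} median frequency {median_frequency(trace):5.1f} Hz, "
              f"{100 * energy_below(trace, CUTOFF_HZ):5.1f}% of energy below "
              f"{CUTOFF_HZ} Hz, shrew={is_shrew(trace)}")
```

For the normal flow the energy sits at the 10 Hz RTT fundamental and its harmonics, so essentially none of it lies below 5 Hz; the shrew's energy sits at the 1 Hz burst period and its first few harmonics, so its median frequency is about 3 Hz, and that shift survives when both flows share a link. A deployed detector would of course need real traces, a decision rule less brittle than one fixed cutoff (which is what the sequential hypothesis testing in the paper provides) and per-flow rather than aggregate spectra.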
Collaborative detection and filtering of shrew DDoS attacks using spectral analysis
- 2006
The Taming of The Shrew: Mitigating Low-Rate TCP-Targeted Attack
Abstract
A Shrew attack, which uses a low-rate burst carefully designed to exploit TCP’s retransmission timeout mechanism, can throttle the bandwidth of a TCP flow in a stealthy manner. While such an attack can significantly degrade the performance of all TCP-based protocols and services including Internet routing (e.g., BGP), no existing scheme clearly solves the problem in real network scenarios. In this paper, we propose a simple protection mechanism, called SAP (Shrew Attack Protection), for defending against a Shrew attack. Rather than attempting to track and isolate Shrew attackers, SAP identifies TCP victims by monitoring their drop rates and preferentially admits those packets from victims with high drop rates to the output queue. This is to ensure that well-behaved TCP sessions can retain their bandwidth shares. Our simulations indicate that under a Shrew attack, SAP can prevent TCP sessions from closing, and effectively enable TCP flows to maintain high throughput. SAP is a destination-port-based mechanism and requires only a small number of counters to find potential victims, which makes SAP readily implementable on top of existing router mechanisms.
Adversarial exploits of end-systems adaptation dynamics
- 2007
Abstract
Internet end-systems employ various adaptation mechanisms that enable them to respond adequately to legitimate requests in overload situations. Today, these mechanisms are incorporated in most scalable end-systems through the use of one or more component subsystems such as admission controllers, traffic shapers, content transcoders, QoS controllers, and load balancers. While the design of these components has been heavily investigated and significantly fine-tuned for efficiency and scalability purposes, the security implications of the adaptation mechanisms used in these components have not been on the radar of system designers. To that end, this paper exposes adversarial exploits of the dynamics that result from the adaptive nature of these components. We show that a well-orchestrated Reduction of Quality (RoQ) attack could induce significant inefficiencies or reduce the service quality of end-systems, without resorting to brute-force Denial-of-Service (DoS) exploits that target the limited steady-state capacity of these end-systems. We present a general analytical framework that captures the effect of RoQ exploits on the underlying optimization process of the adaptation mechanisms. Using detailed models, we instantiate this general framework for some of the aforementioned end-system adaptation mechanisms, focusing on admission controllers and load balancers. Our exposition is supported by numerical solutions of analytical models, which are validated using results from detailed simulations and measurements from real Internet experiments performed in our lab.

