12:45PM, Thursday, February 24th 2005.
Gates 104

Surviving Denial of Service Attacks that Mimic User Browsing Behavior

Dina Katabi

About the talk:
Denial of service attacks are increasingly mounted by professionals in exchange for money or material benefits. Botnets of thousands of compromised machines are rented by the hour on IRC and used to DDoS online businesses to extort money or obtain commercial advantage.  To circumvent detection, attackers are increasingly moving away from pure bandwidth floods to attacks that mimic the Web browsing behavior of a large number of clients, and target expensive higher-layer resources such as CPU, database and disk bandwidth. The resulting attacks are hard to defend against using standard techniques as the malicious requests differ from the legitimate ones in intent but not in content.

This talk presents the design and implementation of Kill-Bots, a solution that protects Web servers against DDoS attacks that masquerade as flash crowds.  Kill-Bots provides authentication using graphical tests but is different from other systems that use graphical tests. First, instead of authenticating clients based on whether they solve the graphical test, Kill-Bots uses the test to quickly identify the IP addresses of the attack machines.  This allows it to block the malicious requests while allowing access to legitimate users who are unable or unwilling to solve graphical tests. Second, Kill-Bots sends a test and checks the client's answer without allowing unauthenticated clients access to sockets, TCBs, worker processes, etc. This protects the authentication mechanism from being DDoSed.  Third, Kill-Bots combines authentication with admission control. As a result, it improves performance, regardless of whether the server overload is caused by DDoS or a true Flash Crowd. This makes Kill-Bots the first system to address both DDoS and Flash Crowds within a single framework.

About the speaker:
Dina Katabi is an Assistant Professor in the Department of Electrical Engineering and Computer Science and a member of the Computer Science and Artificial Intelligence Laboratory (CSAIL) at MIT. She received her PhD and MS from MIT in 2003 and 1999, and her Bachelor of Science from Damascus University in 1995. Her doctoral dissertation won a Sprowls award and an ACM Honorable Mention award. She has won the best student paper award in SIGCOMM 2000. She has published in many conferences including SIGCOMM, NSDI, IMC, etc. Recently, she has organized and co-chaired the first SIGCOMM workshop on Practice and Theory of Incentives in Networked Systems (PINS) and the SRUTI Usenix Workshop on Network Security.