CICADAS: Congesting the Internet with Coordinated and Decentralized Pulsating Attacks

Title: CICADAS: Congesting the Internet with Coordinated and Decentralized Pulsating Attacks
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Ke, Yu-Ming; Chen, Chih-Wei; Hsiao, Hsu-Chun; Perrig, Adrian; Sekar, Vyas
Conference Name: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4233-9
Keywords: controller area network security, controller area networks, DDoS Attack, distributed and decentralized coordination, Internet of Things, Internet of Things (IoT), Kalman filter, pubcrawl, pulsating attack, Resiliency

This study stems from the premise that we need to break away from the "reactive" cycle of developing defenses against new DDoS attacks (e.g., amplification) by proactively investigating the potential for new types of DDoS attacks. Our specific focus is on pulsating attacks, a particularly debilitating type that has been hypothesized in the literature. In a pulsating attack, bots coordinate to generate intermittent pulses at target links to significantly reduce the throughput of TCP connections traversing the target. With pulsating attacks, attackers can cause significantly greater damage to legitimate users than traditional link flooding attacks. To date, however, pulsating attacks have been either deemed ineffective or easily defendable for two reasons: (1) they require a central coordinator and can thus be tracked; and (2) they require tight synchronization of pulses, which is difficult even in normal non-congestion scenarios. This paper argues that the perceived drawbacks of pulsating attacks are in fact not fundamental. We develop a practical pulsating attack called CICADAS using two key ideas: (1) congestion as an implicit signal for decentralized implementation, and (2) a Kalman-filter-based approach to achieve tight synchronization. We validate CICADAS using simulations and wide-area experiments. We also discuss possible countermeasures against this attack.

Citation Key: ke_cicadas:_2016