Challenges of Cloud Auto-Scaling Mechanisms in DDoS Attacks


Distributed Denial of Service (DDoS) attacks pose a serious threat to cloud auto-scaling mechanisms, as attackers can exploit vulnerabilities in these systems, such as the Yo-Yo attack, leading to economic damage and performance degradation. This study highlights the ineffectiveness of auto-scaling as a DDoS solution, emphasizing the need for enhanced detection and defense strategies to mitigate such attacks effectively.


Uploaded on Oct 04, 2024



Presentation Transcript


  1. Yo-Yo Attack: DDoS Attack on Cloud Auto-scaling Mechanisms
     Mor Sides, Anat Bremler-Barr, Eli Brosh
     Interdisciplinary Center, Herzliya, Israel
     Supported by ERC starting grant.
     IEEE INFOCOM 2017, Atlanta, GA, USA

  2. Distributed Denial of Service
     DDoS creates overload, causing performance degradation

  3. Cloud as a DDoS solution
     Common belief: cloud is a solution (auto-scaling)
     Auto-scaling: ability to add machines to cope with the overload
     #2 in AWS best practices for DDoS Resiliency
     No performance degradation
     Economic damage: Economic Denial of Sustainability attack (EDoS)

  4. We show: Auto-scaling (Cloud) is not a DDoS solution
     Attacker can perform an attack on the auto-scaling mechanism
     Yo-Yo attack: specially crafted waves of DDoS
     Nowadays it is very common to be attacked by waves of DDoS

  5. We show: Auto-scaling (Cloud) is not a DDoS solution
     Attacker can perform an attack on the auto-scaling mechanism
     Yo-Yo attack: specially crafted waves of DDoS
     Nowadays it is very common to be attacked by waves of DDoS
     Economic damage & performance degradation
     Harder to detect & requires fewer resources from the attacker

  6. Agenda
     Auto-scaling overview
     Analysis of Yo-Yo Attack
     Detecting system state
     Defense strategies
     Conclusions

  7. Auto Scaling mechanism
     User configures auto-scaling rules (scale-up and scale-down separately):
     If the threshold is exceeded for the duration of the scale interval, then perform the action
     Threshold: CPU utilization, BW
     Scale interval: threshold interval (for scale-up and scale-down)
     Action: scale-up or scale-down
     Example: If CPU utilization is above 50% for 1 minute, then perform a scale-up: add one machine

  8. Discrete / Adaptive auto-scaling
     Discrete: the number of machines to increase or decrease is fixed.
     Adaptive: the number of machines to increase or decrease is adaptive to the system load.
     Google has only adaptive auto-scaling.

  9. Warming time of a machine
     Given by the system infrastructure
     Warming time of a scale-up: the time until the machine is ready to function (the VM runs with the relevant software and state). 1-13 minutes [Mao 2012]
     Warming time of a scale-down: the time until the machine is closed and all its resources are released (backup, moving state).

  10. Yo-Yo attack
      The attacker repeatedly oscillates between the two phases:
      On-attack phase: sends a burst of traffic, causing a scale-up. Several minutes.
      Off-attack phase: stops sending the excess traffic, causing a scale-down.
      Start the off-attack phase when the attacker detects the scale-up has occurred and ended.
      Repeat when the attacker detects the scale-down has occurred and ended.

  11. Use case analysis:
      Parameter | Value
      Requests | 10,000 requests per min
      Machines | 10
      Scale up / Scale down interval | 1 minute
      Warming up / Warming down | 2 minutes
      Power of attack (extra load) | 200%

  12. Yo-Yo Attack on Discrete Scaling
      [Figure panels: Economic Damage; Performance Damage]

  13. Use case analysis:
      System | Cost of attack | Performance Damage | Economic Damage
      DDoS traditional | 100% active | 200% extra load | 0
      DDoS with Auto-Scaling | 100% active | 0 | 200% cost of cloud
      Yo-Yo Attack on Discrete System | 50% active | Avg. 30% extra load, with extra peak load of 200% | Avg. 100% cost of cloud

  14. Yo-Yo attack on Adaptive Scaling
      [Figure panels: Economic Damage; Performance Damage. Labels: Scale-up interval; Warming scale-up]

  15. Analysis of use case
      System | Cost of attack | Performance Damage | Economic Damage
      DDoS traditional | 100% active | 200% extra load | 0
      DDoS with Auto-Scaling | 100% active | 0 | 200% cost of cloud
      Yo-Yo Attack on Discrete System | 50% active | Avg. 30% extra load | Avg. 100% cost of cloud
      Yo-Yo attack on Adaptive System | 50% active | Avg. 100% extra load | Avg. 166% cost of cloud
      Outcomes:
      Adaptive is more vulnerable than discrete policy
      Performance damage and economic damage
      Less cost to the attacker, harder to detect

  16. Adaptive is more vulnerable than discrete policy
      [Figure panels: Economic Damage; Performance Damage]

  17. Experimental Results on Amazon: Discrete auto-scaling

  18. Experimental Results on Amazon: Adaptive auto-scaling

  19. Detecting System State
      Attacker: when to oscillate between on-attack and off-attack?
      Sending probe requests and checking the response time.
      Rule of thumb:
      > 1 sec: scale-up process has not ended.
      < 1 sec: scale-down process has not ended.

  20. Defense strategies from Yo-Yo attack
      Tradeoff: What do you agree to compromise on? Performance or cost
      Resource limitation
      Scale up early, scale down slowly

  21. Conclusion
      Auto-scaling (and cloud) is not a remedy for DDoS
      It addresses the peak-hours problem, not the DDoS problem
      Need for a DDoS scrubber that copes with the Yo-Yo attack
      "Auto scaling is a very powerful tool, but it can also be a double-edged sword. Without the proper configuration and testing it can do more harm than good" [Netflix blog]

  22. Questions?
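
A defender-side check for the oscillation described in slides 10 and 19-21, added here as an example that is not part of the presentation: it counts how often the scaling direction reverses inside a sliding window of the auto-scaling activity log. The event format, both sample logs and the thresholds (60-minute window, 4 reversals) are assumptions made for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ScalingEvent:
    minute: int   # minutes since the start of the log (assumed format)
    action: str   # "up" or "down"


def reversals(events):
    """Minutes at which the scaling direction flips (up->down or down->up)."""
    ordered = sorted(events, key=lambda e: e.minute)
    return [cur.minute for prev, cur in zip(ordered, ordered[1:])
            if prev.action != cur.action]


def max_reversals_in_window(events, window_min):
    """Largest number of direction flips inside any window_min-minute span."""
    flips = reversals(events)
    best = start = 0
    for end in range(len(flips)):
        # Shrink the window from the left until it spans < window_min minutes.
        while flips[end] - flips[start] >= window_min:
            start += 1
        best = max(best, end - start + 1)
    return best


def yoyo_suspected(events, window_min=60, max_flips=4):
    """Flag scaling 'flapping': many up/down reversals in a short period.

    The default thresholds are illustrative assumptions; tune them to the
    scale interval and warming time of the deployment being monitored.
    """
    return max_reversals_in_window(events, window_min) >= max_flips


# Constructed sample: bursts of scale-ups followed a few minutes later by
# scale-downs, repeating every 14 minutes (discrete scaling, one machine
# per 1-minute scale interval).
YOYO_LOG = [ScalingEvent(base + off, act)
            for base in range(0, 56, 14)
            for off, act in ((1, "up"), (2, "up"), (3, "up"),
                             (8, "down"), (9, "down"), (10, "down"))]

# Constructed sample: ordinary peak-hours scaling over two days.
DIURNAL_LOG = [ScalingEvent(m, "up") for m in (480, 500, 520, 1920, 1940)] + \
              [ScalingEvent(m, "down") for m in (1140, 1160, 1180)]

if __name__ == "__main__":
    print("yo-yo-like log flagged:", yoyo_suspected(YOYO_LOG))
    print("diurnal log flagged:   ", yoyo_suspected(DIURNAL_LOG))
```

A flagged window is a prompt to look at the traffic behind the scale-ups and at the scale-down policy (slide 20), not proof of an attack on its own.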
