Numerical Evaluation of Cloud-Side Shuffling Defenses against DDoS Attacks on Proxied Multiserver Systems

TL;DR

This paper evaluates cloud-side shuffling defenses against DDoS attacks on multiserver systems, using models and experiments to assess their effectiveness in mitigating volumetric and low-volume attacks.

Contribution

It introduces a binomial distribution model for evaluating shuffling defenses and validates it with simulations and prototype experiments.

Findings

Shuffling defenses can effectively mitigate certain DDoS attack types.

The binomial model accurately predicts defense performance.

Proactive and reactive shuffling strategies enhance system resilience.

Abstract

We consider a cloud based multiserver system, that may be cloud based, consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We address cloud-side proactive and reactive defenses to combat DDoS attacks that may target this system. DDoS attacks are endemic with some notable attacks occurring just this past fall. Volumetric attacks may target proxies while "low volume" attacks may target replicas. After reviewing existing and proposed defenses, such as changing proxy IP addresses (a "moving target" technique to combat the reconnaissance phase of the botnet) and fission of overloaded servers, we focus on evaluation of defenses based on shuffling client-to-server assignments that can be both proactive and reactive to a DDoS attack. Our evaluations are based on a binomial distribution model that well agrees with simulations and preliminary experiments on a prototype that is also described.