author:
Chen, Xiang
(Chen, Xiang.)
[1]
|
Liu, Hongyan
(Liu, Hongyan.)
[2]
|
Sun, Tingxin
(Sun, Tingxin.)
[3]
|
Huang, Qun
(Huang, Qun.)
[4]
|
Zhang, Dong
(Zhang, Dong.)
[5]
|
Liu, Xuan
(Liu, Xuan.)
[6]
|
Zhou, Boyang
(Zhou, Boyang.)
[7]
|
Zhou, Haifeng
(Zhou, Haifeng.)
[8]
|
Wu, Chunming
(Wu, Chunming.)
[9]
Unfold
Abstract:
To date, security researchers evaluate their solutions of mitigating denial-of-service (DDoS) attacks via kernel-based or kernel-bypassing testing tools. However, kernel-based tools exhibit poor scalability in attack traffic generation while kernel-bypassing tools result in unacceptable monetary cost. We propose Excalibur, a scalable and low-cost testing framework for DDoS defense solutions. The key idea is to leverage the programmable switch to perform testing tasks with Tbps-level scalability and low cost. Specifically, Excalibur coordinates both a server and a programmable switch to jointly perform testing tasks. It realizes flexible attack traffic generation, which requires a large number of resources, in the server while using the switch to increase the sending rate of attack traffic to Tbps-level. Our experiments on a 64×100Gbps Tofino switch show that Excalibur achieves orders-of-magnitude higher scalability and lower cost than existing tools. © 2023 IEEE.
Keyword:
Costs
Denial-of-service attack
Network security
Scalability
Conference Name
42nd IEEE International Conference on Computer Communications, INFOCOM 2023
Place
Hybrid, New York City, NY, United states
Classification
723 Computer Software, Data Handling and Applications - 902.3 Legal Aspects - 911 Cost and Value Engineering; Industrial Economics - 961 Systems Science
Type
We sincerely thank our TPC reviewers and chairs for their constructive comments and insightful suggestions. This work is supported by the National Key R&D Program of China (2022YFB2901305), the National Natural Science Foundation of China (61902362, and 62172007), the Joint Funds of the National Natural Science Foundation of China (U20A20179), the Fundamental Research Funds for the Central Universities (Zhejiang University NGICS Platform), and the Major Science and Technology Infrastructure Project of Zhijiang Laboratory (Large-scale experimental device for information security of new generation industrial control system).
Access Number
EI:20233814771549
