
ML: DDoS Damage Control with MPLS

  • Conference paper
Secure IT Systems (NordSec 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10014)


Abstract

We present a DDoS mitigation mechanism dispatching suspicious and legitimate traffic into separate MultiProtocol Label Switching (MPLS) tunnels, well upstream from the target. The objective is to limit the impact a voluminous attack could otherwise have on the legitimate traffic through saturation of network resources. The separation of traffic is based on a signature identifying suspicious flows, carried in an MPLS label, and then used by a load-balancing mechanism in a router. The legitimate traffic is preserved at the expense of suspicious flows, whose resource allocations are throttled as needed to avoid congestion.
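The following Python simulation is an added illustration of the dispatch idea summarised in the abstract and is not code from the paper: it compares one congested shared path against two label-separated tunnels where the suspicious tunnel is throttled, showing that the legitimate flow loses nothing once the link is partitioned. The label values, the "flagged source" stand-in for the paper's signature, the link capacity and the traffic mix are all constructed assumptions.

```python
from collections import Counter

# Constructed label values standing in for the signature-carrying MPLS label; not from the paper.
LEGIT_LABEL = 1000
SUSPICIOUS_LABEL = 1001

def classify(packet, flagged_sources):
    """Stand-in for the upstream signature: flows from a flagged source get the suspicious label."""
    return SUSPICIOUS_LABEL if packet["src"] in flagged_sources else LEGIT_LABEL

def forward_shared(packets, capacity):
    """Baseline without separation: one path, drops hit every flow in proportion to its volume."""
    by_label = Counter(p["label"] for p in packets)
    total = sum(by_label.values())
    keep = min(1.0, capacity / total) if total else 1.0
    sent = Counter({label: int(n * keep) for label, n in by_label.items()})
    dropped = Counter({label: n - sent[label] for label, n in by_label.items()})
    return sent, dropped

def forward_separated(packets, capacity, suspicious_cap):
    """Label-based dispatch: the legitimate tunnel is served first; the suspicious tunnel is
    throttled to suspicious_cap and only gets link capacity the legitimate traffic leaves unused."""
    by_label = Counter(p["label"] for p in packets)
    legit_sent = min(by_label[LEGIT_LABEL], capacity)
    suspicious_budget = min(suspicious_cap, capacity - legit_sent)
    suspicious_sent = min(by_label[SUSPICIOUS_LABEL], suspicious_budget)
    sent = Counter({LEGIT_LABEL: legit_sent, SUSPICIOUS_LABEL: suspicious_sent})
    dropped = Counter({label: n - sent[label] for label, n in by_label.items()})
    return sent, dropped

def simulate_tick(capacity=100, suspicious_cap=20):
    """One scheduling interval on a link of `capacity` packets: 60 legitimate packets against
    340 packets from two sources the detector has flagged (constructed traffic mix)."""
    flagged = {"198.51.100.7", "198.51.100.9"}  # documentation-range addresses, constructed
    packets = [{"src": "203.0.113.5"} for _ in range(60)]
    packets += [{"src": "198.51.100.7"} for _ in range(200)]
    packets += [{"src": "198.51.100.9"} for _ in range(140)]
    for p in packets:
        p["label"] = classify(p, flagged)
    return forward_shared(packets, capacity), forward_separated(packets, capacity, suspicious_cap)

if __name__ == "__main__":
    (shared_sent, shared_drop), (sep_sent, sep_drop) = simulate_tick()
    print("shared path   legit sent/dropped:", shared_sent[LEGIT_LABEL], shared_drop[LEGIT_LABEL])
    print("separate path legit sent/dropped:", sep_sent[LEGIT_LABEL], sep_drop[LEGIT_LABEL])
```

With the constructed mix the shared path delivers only 15 of 60 legitimate packets, while the separated tunnels deliver all 60 and confine every drop to the throttled suspicious tunnel.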



Acknowledgement

This research is supported by the European Seventh Framework Programme (FP7) and by the Japanese Ministry of Internal Affairs and Communication (MIC) during the project NECOMA under grant agreement No 608533, and by the French research program Programme d’Investissements d’Avenir (PIA) during the project SIEM+ under grant agreement P111271-3583256.

Author information

Corresponding author

Correspondence to Pierre-Edouard Fabre.


Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Fabre, P.-E., Debar, H., Viinikka, J., Blanc, G. (2016). ML: DDoS Damage Control with MPLS. In: Brumley, B., Röning, J. (eds) Secure IT Systems. NordSec 2016. Lecture Notes in Computer Science, vol 10014. Springer, Cham. https://doi.org/10.1007/978-3-319-47560-8_7


  • DOI: https://doi.org/10.1007/978-3-319-47560-8_7


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47559-2

  • Online ISBN: 978-3-319-47560-8

  • eBook Packages: Computer Science, Computer Science (R0)
