A killer adversary for quicksort
Software—Practice & Experience
Summary cache: a scalable wide-area web cache sharing protocol
IEEE/ACM Transactions on Networking (TON)
Efficient string matching: an aid to bibliographic search
Communications of the ACM
Fast Content-Based Packet Handling for Intrusion Detection
Fast Content-Based Packet Handling for Intrusion Detection
Backtracking Algorithmic Complexity Attacks against a NIDS
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Denial of service via algorithmic complexity attacks
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
An improved algorithm to accelerate regular expression evaluation
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Curing regular expressions matching algorithms from insomnia, amnesia, and acalculia
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
A hybrid finite automaton for practical deep packet inspection
CoNEXT '07 Proceedings of the 2007 ACM CoNEXT conference
Introduction to Automata Theory, Languages, and Computation
Introduction to Automata Theory, Languages, and Computation
A scalable multithreaded L7-filter design for multi-core servers
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Practice of parallelizing network applications on multi-core architectures
Proceedings of the 23rd international conference on Supercomputing
An architecture for exploiting multi-core processors to parallelize network intrusion prevention
Concurrency and Computation: Practice & Experience - Multi-core Supported Network and System Security
Performance adaptation in real-time intrusion detection systems
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
CompactDFA: generic state machine compression for scalable pattern matching
INFOCOM'10 Proceedings of the 29th conference on Information communications
Packet scheduling for deep packet inspection on multi-core architectures
Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
High speed network traffic analysis with commodity multi-core systems
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Evaluating regular expression matching engines on network and general purpose processors
Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Fast and Memory-Efficient Traffic Classification with Deep Packet Inspection in CMP Architecture
NAS '10 Proceedings of the 2010 IEEE Fifth International Conference on Networking, Architecture, and Storage
IEEE Transactions on Computers
| Hi-index | 0.00 |
This paper takes advantage of the emerging multi-core computer architecture to design a general framework for mitigating network-based complexity attacks. In complexity attacks, an attacker carefully crafts "heavy" messages (or packets) such that each heavy message consumes substantially more resources than a normal message. Then, it sends a sufficient number of heavy messages to bring the system to a crawl at best. In our architecture, called MCA2---Multi-Core Architecture for Mitigating Complexity Attacks---cores quickly identify such suspicious messages and divert them to a fraction of the cores that are dedicated to handle all the heavy messages. This keeps the rest of the cores relatively unaffected and free to provide the legitimate traffic the same quality of service as if no attack takes place. We demonstrate the effectiveness of our architecture by examining cache-miss complexity attacks against Deep Packet Inspection (DPI) engines. For example, for Snort DPI engine, an attack in which 30% of the packets are malicious degrades the system throughput by over 50%, while with MCA2 the throughput drops by either 20% when no packets are dropped or by 10% in case dropping of heavy packets is allowed. At 60% malicious packets, the corresponding numbers are 70%, 40% and 23%.