Thursday, July 11 • 5:15pm - 5:35pm
Detecting Asymmetric Application-layer Denial-of-Service Attacks In-Flight with Finelame


Denial of service (DoS) attacks increasingly exploit algorithmic, semantic, or implementation characteristics dormant in victim applications, often with minimal attacker resources. Practical and efficient detection of these asymmetric DoS attacks requires us to (i) catch offending requests in-flight, before they consume a critical amount of resources, (ii) remain agnostic to the application internals, such as the programming language or runtime system, and (iii) introduce low overhead in terms of both performance and programmer effort.

This paper introduces Finelame, a language-independent framework for detecting asymmetric DoS attacks. Finelame leverages operating system visibility across the entire software stack to instrument key resource allocation and negotiation points. It leverages recent advances in the Linux extended Berkeley Packet Filter virtual machine to attach application-level interposition probes to key request processing functions, and lightweight resource monitors (user/kernel-level probes) to key resource allocation functions. The data collected is used to train a model of resource utilization that occurs throughout the lifetime of individual requests. The model parameters are then shared with the resource monitors, which use them to catch offending requests in-flight, inline with resource allocation. We demonstrate that Finelame can be integrated with legacy applications with minimal effort, and that it is able to detect resource abuse attacks much earlier than their intended completion time while posing low performance overheads.
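
An added sketch of the in-flight check the abstract describes, not the Finelame authors' code: a plain Python class stands in for the eBPF resource monitors. The per-feature mean/stddev model, the threshold, the feature names and all sample numbers are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

FEATURES = ("cpu_us", "alloc_bytes")  # assumed per-request resource counters

# Constructed per-request totals for benign traffic (training data).
BENIGN = [
    {"cpu_us": 900, "alloc_bytes": 40000}, {"cpu_us": 1100, "alloc_bytes": 52000},
    {"cpu_us": 1000, "alloc_bytes": 45000}, {"cpu_us": 950, "alloc_bytes": 48000},
    {"cpu_us": 1050, "alloc_bytes": 50000},
]

def train(benign_totals):
    """Fit (mean, stddev) per feature; these are the shared model parameters."""
    params = {}
    for f in FEATURES:
        vals = [r[f] for r in benign_totals]
        params[f] = (mean(vals), pstdev(vals) or 1.0)
    return params

class Monitor:
    """Scores a request every time a resource event is attributed to it,
    so abuse is caught while the request is still running."""
    def __init__(self, params, threshold=6.0):
        self.params, self.threshold = params, threshold
        self.usage = defaultdict(lambda: dict.fromkeys(FEATURES, 0))

    def score(self, rid):
        # Sum of normalized excess over the benign mean (under-use scores 0).
        return sum(max(0.0, (self.usage[rid][f] - mu) / sd)
                   for f, (mu, sd) in self.params.items())

    def on_event(self, rid, feature, amount):
        """Called inline with an allocation; True means 'offending request'."""
        self.usage[rid][feature] += amount
        return self.score(rid) > self.threshold

    def on_request_end(self, rid):
        self.usage.pop(rid, None)

def replay(monitor, rid, events):
    """Feed events for one request; return the 1-based event index at which
    it was flagged, or None if it completed unflagged."""
    for seq, (feature, amount) in enumerate(events, 1):
        if monitor.on_event(rid, feature, amount):
            return seq
    monitor.on_request_end(rid)
    return None

if __name__ == "__main__":
    m = Monitor(train(BENIGN))
    attack = [("cpu_us", 250)] * 200  # constructed: many small CPU slices
    print("attack flagged at event", replay(m, "atk", attack), "of", len(attack))
```
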


Henri Maxime Demoulin

University of Pennsylvania

Isaac Pedisich

University of Pennsylvania

Nikos Vasilakis

University of Pennsylvania

Vincent Liu

University of Pennsylvania

Boon Thau Loo

University of Pennsylvania

Linh Thi Xuan Phan

University of Pennsylvania

Thursday July 11, 2019 5:15pm - 5:35pm PDT
USENIX ATC Track I: Grand Ballroom I–VI