Withstanding Multimillion-Node Botnets
Authors
Abstract
Colin Dixon is a graduate student at the University of Washington. While an undergraduate at the University of Maryland he worked on approximation algorithms and anonymous communication. His current research interests include computer security, network architecture, and distributed systems with a focus on deployable solutions for real-world problems.

of Washington. He is an ACM Fellow and a winner of the ACM SIGOPS Mark Weiser Award, but he is perhaps best known as the author of the Nachos operating system. His research interests are primarily at the boundary between the theory and practice of distributed systems. He has worked on automated mechanisms for managing overlay networks and distributed hash tables, network measurements, parallel computing, techniques to make low-latency RAID devices, and distributed storage systems that integrate the numerous ad hoc devices around the home.

Large-scale distributed denial of service (DoS) attacks are an unfortunate everyday reality on the Internet. They are simple to execute and, with the growing size of botnets, more effective than ever. Although much progress has been made in developing techniques to address DoS attacks, no existing solution handles non-cacheable content, is unilaterally deployable, works with the Internet model of open access and dynamic routes, and copes with the large numbers of attackers typical of today's botnets. We believe we have created a practical solution.

Setting the stage

The current Internet is often compared to the Wild West and not without merit. A combination of the lack of accountability, the complexities of multiple legal jurisdictions, and an ever-changing technological battlefield has created a situation where cyber-criminals can operate lucrative businesses with little risk of being caught or punished. The most brazen example of this is the growth of botnets.
Attackers write viruses that compromise end hosts and tie them into a command and control system that enables the attacker to issue commands, install software, and otherwise control compromised machines. These networks are the basis for a whole underground economy in stolen financial information, stolen identities, spam email, and DoS attacks. The size of these botnets is large and growing. A variety of recent estimates put the total number of bots on the Internet well into the millions and some estimates go upward of hundreds of millions [3, 5]. Recent examples including the …
Similar resources
Phalanx: Withstanding Multimillion-Node Botnets
Large-scale distributed denial of service (DoS) attacks are an unfortunate everyday reality on the Internet. They are simple to execute and with the growing prevalence and size of botnets more effective than ever. Although much progress has been made in developing techniques to address DoS attacks, no existing solution is unilaterally deployable, works with the Internet model of open access and...
A collaborative botnets suppression system based on overlay network
Botnets are extremely versatile and are used in many network attacks, like sending huge volumes of spam or launching Distributed Denial-of-Service (DDoS) attacks. Botnets can switch their command and control server automatically, so completely suppressing botnets is a big challenge. In this paper, we present a collaborative botnets suppression system based on overlay network, which has one cont...
P2PWNED: Modeling and Evaluating the Resilience of Peer-to-Peer Botnets
Centralized botnets are easy targets for takedown efforts by computer security researchers and law enforcement. Thus, botnet controllers have sought new ways to harden the infrastructures of their botnets. In order to meet this objective, some botnet operators have (re)designed their botnets to use Peer-to-Peer (P2P) infrastructures. Many P2P botnets are far more resilient to takedown attempts ...
Towards Accurate Node-Based Detection of P2P Botnets
Botnets are a serious security threat to the current Internet infrastructure. In this paper, we propose a novel direction for P2P botnet detection called node-based detection. This approach focuses on the network characteristics of individual nodes. Based on our model, we examine node's flows and extract the useful features over a given time period. We have tested our approach on real-life data...
Botnet Tracking Tools
Botnets are a serious threat to internet security. Botnets consist of networked collections of compromised machines called robots or ‘bots’ for short. Bots are also called ‘zombies,’ and botnets are also called ‘zombie armies.’ Bots are controlled by nodes called ‘botmasters’ or ‘botherders.’ Bots are infected with malicious code that performs work on behalf of the botmaster or botherder. Botne...