Skip to main content

Lund University Publications

LUND UNIVERSITY LIBRARIES

X-Pro : Distributed XDP Proxies Against Botnets of Things

Atiiq, Syafiq Al LU and Gehrmann, Christian LU (2021) 26th Nordic Conference on Secure IT Systems, NordSec 2021 In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 13115 LNCS. p.51-71
Abstract

The steadily increasing Internet of Things (IoT) devices are vulnerable to be used as bots to launch distributed-denial-of-service (DDoS) attacks. In this paper, we present X-Pro, a distributed XDP proxy to counteract DDoS attacks. We propose a source-based defense mechanism where proxies located between the IoT devices and the victim performs flow policing on all IoT traffic from a single administrative domain. The proposed proxy architecture can be integrated in widely used IoT frameworks as well as telecommunication networks. The proxies are working synchronously to block bogus messages and to detect traffic levels above predefined thresholds. Our implementation leverages eXpress Data Path (XDP), a programmable packet processing in... (More)

The steadily increasing Internet of Things (IoT) devices are vulnerable to be used as bots to launch distributed-denial-of-service (DDoS) attacks. In this paper, we present X-Pro, a distributed XDP proxy to counteract DDoS attacks. We propose a source-based defense mechanism where proxies located between the IoT devices and the victim performs flow policing on all IoT traffic from a single administrative domain. The proposed proxy architecture can be integrated in widely used IoT frameworks as well as telecommunication networks. The proxies are working synchronously to block bogus messages and to detect traffic levels above predefined thresholds. Our implementation leverages eXpress Data Path (XDP), a programmable packet processing in the Linux kernel, as the main engine in the proxy. We evaluate X-Pro from several standpoints and conclude that our solution offers efficient DoS traffic blocking for both low-rate or massive attacks. Depending on the device side implementation selection, the computational overhead is cheap at the cost of some bandwidth loss.

(Less)
Please use this url to cite or link to this publication:
author
and
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
keywords
Denial of Service, Proxy, Security
host publication
Secure IT Systems - 26th Nordic Conference, NordSec 2021, Proceedings
series title
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
editor
Tuveri, Nicola ; Michalas, Antonis and Brumley, Billy Bob
volume
13115 LNCS
pages
21 pages
publisher
Springer Science and Business Media B.V.
conference name
26th Nordic Conference on Secure IT Systems, NordSec 2021
conference location
Virtual, Online
conference dates
2021-11-29 - 2021-11-30
external identifiers
  • scopus:85119860699
ISSN
1611-3349
0302-9743
ISBN
9783030916244
DOI
10.1007/978-3-030-91625-1_4
language
English
LU publication?
yes
id
c0e9c8c0-e3c6-4648-b522-a9e88ec658b3
date added to LUP
2021-12-14 15:20:18
date last changed
2025-01-13 19:55:36
@inproceedings{c0e9c8c0-e3c6-4648-b522-a9e88ec658b3,
  abstract     = {{<p>The steadily increasing Internet of Things (IoT) devices are vulnerable to be used as bots to launch distributed-denial-of-service (DDoS) attacks. In this paper, we present X-Pro, a distributed XDP proxy to counteract DDoS attacks. We propose a source-based defense mechanism where proxies located between the IoT devices and the victim performs flow policing on all IoT traffic from a single administrative domain. The proposed proxy architecture can be integrated in widely used IoT frameworks as well as telecommunication networks. The proxies are working synchronously to block bogus messages and to detect traffic levels above predefined thresholds. Our implementation leverages eXpress Data Path (XDP), a programmable packet processing in the Linux kernel, as the main engine in the proxy. We evaluate X-Pro from several standpoints and conclude that our solution offers efficient DoS traffic blocking for both low-rate or massive attacks. Depending on the device side implementation selection, the computational overhead is cheap at the cost of some bandwidth loss.</p>}},
  author       = {{Atiiq, Syafiq Al and Gehrmann, Christian}},
  booktitle    = {{Secure IT Systems - 26th Nordic Conference, NordSec 2021, Proceedings}},
  editor       = {{Tuveri, Nicola and Michalas, Antonis and Brumley, Billy Bob}},
  isbn         = {{9783030916244}},
  issn         = {{1611-3349}},
  keywords     = {{Denial of Service; Proxy; Security}},
  language     = {{eng}},
  pages        = {{51--71}},
  publisher    = {{Springer Science and Business Media B.V.}},
  series       = {{Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}},
  title        = {{X-Pro : Distributed XDP Proxies Against Botnets of Things}},
  url          = {{http://dx.doi.org/10.1007/978-3-030-91625-1_4}},
  doi          = {{10.1007/978-3-030-91625-1_4}},
  volume       = {{13115 LNCS}},
  year         = {{2021}},
}