MCA^2: Multi-Core Architecture for Mitigating Complexity Attacks

Yehuda Afek, Anat Bremler-Barr, David Hay, Yotam Harchol, Yaron Koral
Conferences & Workshops
Cybersecurity, DDoS attack


This paper takes advantage of the emerging multi-core computer architecture to design a general framework for mitigating network-based complexity attacks. In complexity attacks, an attacker carefully crafts “heavy” messages (or packets) such that each heavy message consumes substantially more resources than a normal message. Then, it sends a sufficient number of heavy messages to bring the system to a crawl at best. In our architecture, called MCA^2 – Multi-Core Architecture for Mitigating Complexity Attacks – cores quickly identify such suspicious messages and divert them to a fraction of the cores that are dedicated to handling all the heavy messages. This keeps the rest of the cores relatively unaffected and free to provide the legitimate traffic the same quality of service as if no attack were taking place.
We demonstrate the effectiveness of our architecture by examining cache-miss complexity attacks against Deep Packet Inspection (DPI) engines. For example, for the Snort DPI engine, an attack in which 30% of the packets are malicious degrades the system throughput by over 50%, while with MCA^2 the throughput drops by either 20% when no packets are dropped or by 10% when dropping heavy packets is allowed. At 60% malicious packets, the corresponding numbers are 70%, 40% and 23%.
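The diversion idea in the abstract can be seen in a toy queueing model. This is an added example, not code or results from the paper. The packet costs, the work budget used to flag a packet as heavy, the round-robin dispatch and the traffic pattern are all assumptions chosen for illustration.

```python
# Added illustration (not from the paper): toy model of heavy-packet diversion.
NORMAL_COST, HEAVY_COST = 1, 10  # assumed work units per packet
BUDGET = 2                       # assumed work a regular core spends before flagging a packet

def make_traffic(n):
    """Constructed traffic: 30% of packets are heavy (indices ending in 0, 3 or 6)."""
    return [HEAVY_COST if i % 10 in (0, 3, 6) else NORMAL_COST for i in range(n)]

def baseline(traffic, cores):
    """Every core takes every kind of packet, round-robin.
    Returns the time at which the last normal packet finishes."""
    busy, last_normal = [0] * cores, 0
    for i, cost in enumerate(traffic):
        core = i % cores
        busy[core] += cost
        if cost == NORMAL_COST:
            last_normal = max(last_normal, busy[core])
    return last_normal

def diverted(traffic, cores, dedicated):
    """Regular cores hand any packet that exceeds BUDGET to a dedicated core.
    Returns (finish time of the last normal packet,
             work queued on the busiest dedicated core)."""
    regular = cores - dedicated
    busy, heavy_busy, moved = [0] * regular, [0] * dedicated, 0
    last_normal = 0
    for i, cost in enumerate(traffic):
        core = i % regular
        if cost > BUDGET:
            busy[core] += BUDGET                       # work spent before detection
            heavy_busy[moved % dedicated] += cost - BUDGET
            moved += 1
        else:
            busy[core] += cost
            last_normal = max(last_normal, busy[core])
    return last_normal, max(heavy_busy)

if __name__ == "__main__":
    t = make_traffic(1200)
    print("baseline, 4 cores:        ", baseline(t, 4))
    print("3 regular + 1 dedicated:  ", diverted(t, 4, 1))
```

In this model the legitimate packets finish far sooner with one core set aside, while the backlog piles up on the dedicated core, which is where a drop policy for heavy packets would apply.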

  author={Afek, Yehuda and Bremler-Barr, Anat and Harchol, Yotam and Hay, David and Koral, Yaron},
  booktitle={2012 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS)}, 
  title={MCA$^2$: Multi-Core Architecture for Mitigating Complexity Attacks},