research-article

When Power Oversubscription Meets Traffic Flood Attack: Re-Thinking Data Center Peak Load Management

Authors:

Minyi GuoAuthors Info & Claims

ICPP '19: Proceedings of the 48th International Conference on Parallel Processing

Article No.: 13, Pages 1 - 10

https://doi.org/10.1145/3337821.3337856

Published: 05 August 2019 Publication History

Abstract

The state-of-the-art techniques on data center peak power management are too optimistic; they overestimate their benefits in a potentially insecure operating environment. Especially in data centers that oversubscribe power infrastructure, it is likely that unexpected traffics can violate power budget before an effective network DoS attack is observed. In this work, we take the first to investigate the joint effect of power throttling and traffic flooding. We characterize a special operating region in which DoS attacks can provoke undesirable power peaks without exhibiting network traffic anomalies. In this region, an attacker can trigger power emergency by sending normal traffics throughout the Internet. We term this new type of threat as DOPE (Denial of Power and Energy). We show that existing technologies are insufficient for eliminating DOPE without negative performance effects on legitimate users. To enhance data center resiliency, we propose a request-aware power management framework called Anti-DOPE. The key feature of Anti-DOPE is bridging the gap between network traffic controlling and server power management. Specifically, it pre-processes of incoming requests to isolate malicious power attacks on the network load balancer side and then post-processes of compute node performance to minimize the collateral damage it may cause. Anti-DOPE is orthogonal to prior power management schemes and requires minute system modification. Using Alibaba container trace we show that Anti-DOPE allows 44% shorter average response time. It also improves the 90th percentile tail latency by 68.1% compared to the other power controlling methods.

References

[1]

Alibaba. 2018. Alibaba Cloud Object Storage Service Trace Data. https://github.com/alibaba/clusterdata.

[2]

NetScout Arbor. 2016. Worldwide Infrastructure Security Report: Volume XII.

[3]

NetScout Arbor. 2017. Insight into the Global Threat Landscape: NetScout Arbor's 13th Annual Worldwide Infrastructure Security Report.

[4]

BoNeSi. 2019. https://github.com/markus-go/bonesi.

[5]

RioRey Company. 2012. RioRey Taxonomy of DDoS Attacks. http://www.riorey.com/x-resources/2012/RioReyTaxonomyDDoSAttacks2012.eps.

[6]

Pivotal Software Cooperation. 2018. Spring Boot.

[7]

Inter Corporation. 2016. IntelÂő 64 and IA-32 Architectures Software Developer's Manual. Volume 3B: System Programming Guide, Part 2.

[8]

A. Bhattacharya et al. 2012. The Need for Speed and Stability in Data Center Power Capping. In IGCC.

Digital Library

[9]

B. Hang et al. 2009. A Novel SYN Cookie Method for TCP Layer DDoS Attack. In BioMedical Information Engineering.

[10]

C. Hsu et al. 2018. Smooth-Operator: Reducing Power Fragmentation and Improving Power Utilization in Large-scale Datacenters. In ASPLOS.

Digital Library

[11]

C. Li et al. 2014. Towards Automated Provisioning and Emergency Handling in Renewable Energy Powered Datacenters. In JCST.

[12]

C. Li et al. 2016. Power Attack Defense: Securing Battery-Backed Data Centers. In ISCA.

Digital Library

[13]

D. Meisner et al. 2009. PowerNap: Eliminating Server Idle Power. In ASPLOS.

Digital Library

[14]

D. M. Nessett et al. 1999. Multilayer Firewall System.

[15]

D. Woo et al. 2007. Analyzing Performance Vulnerability Due to Re-source Denial of Service Attack on Chip Multiprocessors. In CMP-MSI.

[16]

D. Wang et al. 2012. Energy Storage in Datacenters: What, Where,and How much?. In SIGMETRICS.

Digital Library

[17]

D. Wang et al. 2013. Virtualizing power distribution in datacenters. In ISCA.

Digital Library

[18]

D. Wang et al. 2014. Underprovisioning Backup Power Infrastructure for Datacenters. In ASPLOS.

Digital Library

[19]

F. Palmieri et al. 2011. EvaluatingNetwork-based DoS Attacks Under the Energy Consumption Perspective: New Security Issues in the Coming Green ICT Area. In BWCCA.

Digital Library

[20]

F. Palmieri et al. 2014. Adaptive Stealth Energy-Related DoS Attacks against Cloud Data Centers. In International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

Digital Library

[21]

F. Palmieri et al. 2014. Energy-oriented Denial of Service Attacks: An Emerging Menace For Large Cloud Infrastructures. In SC.

Digital Library

[22]

G. Somani et al. 2015. DDoS Attacks in Cloud Computing: Issues, Taxonomy, and Future Directions. CoRR.

Digital Library

[23]

G. Vigna et al. 1998. NetSTAT: A Network-based Intru-sion Detection Approach. In ACSAC.

Digital Library

[24]

K. Singh et al. 2017. Application Layer HTTP-GET Flood DDoS Attacks: Research Landscape and Challenges. In Computers & Security.

Digital Library

[25]

K. Yeung et al. 2018. Tools for Attacking Lay-er 2 Network Infrastructure. In IAENG.

[26]

L. Liu et al. 2015. Leveraging Heterogeneous Power for Improving Datacenter Efficiency and Resiliency. In CAL.

[27]

L. Wang et al. 2014. Big-databench: A Big Data Benchmark Suite from Internet Services. (2014).

[28]

M. Ficco et al. 2017. Introducing Fraudulent Energy Consumption in Cloud Infrastructures: a New Generation of Denial-of-service Attacks. In IEEE Systems Journal.

[29]

S. Behal et al. 2017. Characterization and Comparison of DDoS Attack Tools and Traffic Generators: A Review. In IJ Network Security.

[30]

S. Govindan et al. 2011. Benefits and Limitations of Tapping into Stored Energy for Datacenters. In ISCA.

Digital Library

[31]

S. Govindan et al. 2012. Leveraging Stored Energy for Handling Power Emergencies in Aggressively Provisioned Datacenters. In ASPLOS.

Digital Library

[32]

T. Boraten et al. 2016. Mitigation of Denial of Service Attack with Hardware Trojans in NoC Architectures. In IPDPS.

[33]

T. Martin et al. 2004. Denial-of-service Attacks on Battery-powered Mobile Computers. In PerCom.

Digital Library

[34]

V. Varadarajan et al. 2012. Resource-freeing Attacks: Improve Your cloud Performance (at your neighbor's expense). In CCS.

Digital Library

[35]

X. Fan et al. 2007. Power provisioning for a warehouse-sized computer. In ISCA.

Digital Library

[36]

X. Hou et al. 2018. Power Grab in Aggressively Provisioned Data Centers: What is the Risk and What Can Be Done About It. In ICCD.

[37]

Y. Chen et al. 2005. Managing Server Energy and Operational Costs in Hosting Centers. In SIGMETRICS.

Digital Library

[38]

Y. Xie et al. 2009. Monitoring the Application-Layer DDoS Attacks for Popular Websites. In TON.

Digital Library

[39]

Zaf et al. 2018. A Lightweight Bash Shell Script Designed to Block DoS Attacks.

[40]

Z. He et al. 2017. Host-Based Dos Attacks and Defense in the Cloud. In HASP.

[41]

Z. He et al. 2017. Machine Learning Based DDoS Attack Detection from Source Side in Cloud. In CSCloud.

[42]

Z. Wu et al. 2012. On Energy Security of Server Systems. In TDSC.

Digital Library

[43]

Z. Xu et al. 2014. Power Attack: An Increasing Threat to Data Centers. In NDSS.

[44]

The Apache Software Foundation. 2018. ab-Apache HTTP Server Benchmarking Tool. https://httpd.apache.org/docs/2.4/programs/ab.html.

[45]

Google. 2016. Best Practices for DDoS Protection and Mitigation on Google Cloud Platform.

[46]

IBM. 2016. POWER8 Processor Datasheet for the Single-Chip Module.

[47]

Ponemon Institute. 2016. The Cost of Denial of Service Attacks (Data Center Performance Benchmark Series.

[48]

M. Kumar. 2011. DDOSIM Layer 7 DDoS Simulator. https://thehackernews.com/2011/01/ddosim-layer-7-ddos-simulator.html.

[49]

Netstress. 2019. https://netstress.org/.

[50]

Verisign. 2016. Verisign Distributed Denial of Service Trends Report.

[51]

In ACME Labs Webmaster. 2016. Multiprocessing http Test Client. https://acme.com/software/http_load/.

Cited By

Hou XTang PXu TXu CLi CGuo M(2024)CPM: A Cross-layer Power Management Facility to Enable QoS-Aware AIoT Systems2024 IEEE/ACM 32nd International Symposium on Quality of Service (IWQoS)10.1109/IWQoS61813.2024.10682859(1-10)Online publication date: 19-Jun-2024
https://doi.org/10.1109/IWQoS61813.2024.10682859
Xu CHou XLiu JLi CHuang TZhu XNiu MSun LTang PXu TCheng KGuo M(2023)MMBench: Benchmarking End-to-End Multi-modal DNNs and Understanding Their Hardware-Software Implications2023 IEEE International Symposium on Workload Characterization (IISWC)10.1109/IISWC59245.2023.00014(154-166)Online publication date: 1-Oct-2023
https://doi.org/10.1109/IISWC59245.2023.00014
Yin YWu JZhou XEeckhout LQouneh ALi TYu Z(2020)COPA: Highly Cost-Effective Power Back-Up for Green DatacentersIEEE Transactions on Parallel and Distributed Systems10.1109/TPDS.2019.294833631:4(967-980)Online publication date: 16-Jan-2020
https://dl.acm.org/doi/10.1109/TPDS.2019.2948336

Recommendations

A lab implementation of SYN flood attack and defense
SIGITE '08: Proceedings of the 9th ACM SIGITE conference on Information technology education

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. SYN flood attack is one of the most common types of DoS. In this lab, we model and simulate a real world ...
Approximation knob: Power Capping meets energy efficiency
2016 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)
Power Capping techniques are used to restrict power consumption of computer systems to a thermally safe limit. Current many-core systems employ dynamic voltage and frequency scaling (DVFS), power gating (PG) and scheduling methods as actuators for power ...
Power attack: An imminent security threat in real-time system for detecting missing rail blocks in developing countries
Abstract
Exploration of potential security threats and vulnerabilities of a real-time system specifically designed for detecting missing rail blocks in the context of developing countries is yet to be explored. Therefore, in this paper, we ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ICPP '19: Proceedings of the 48th International Conference on Parallel Processing

August 2019

1107 pages

ISBN:9781450362955

DOI:10.1145/3337821

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

University of Tsukuba: University of Tsukuba

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 August 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Conference

ICPP 2019

ICPP 2019: 48th International Conference on Parallel Processing

August 5 - 8, 2019

Kyoto, Japan

Acceptance Rates

Overall Acceptance Rate 91 of 313 submissions, 29%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
208
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)1

Reflects downloads up to 23 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Hou XTang PXu TXu CLi CGuo M(2024)CPM: A Cross-layer Power Management Facility to Enable QoS-Aware AIoT Systems2024 IEEE/ACM 32nd International Symposium on Quality of Service (IWQoS)10.1109/IWQoS61813.2024.10682859(1-10)Online publication date: 19-Jun-2024
https://doi.org/10.1109/IWQoS61813.2024.10682859
Xu CHou XLiu JLi CHuang TZhu XNiu MSun LTang PXu TCheng KGuo M(2023)MMBench: Benchmarking End-to-End Multi-modal DNNs and Understanding Their Hardware-Software Implications2023 IEEE International Symposium on Workload Characterization (IISWC)10.1109/IISWC59245.2023.00014(154-166)Online publication date: 1-Oct-2023
https://doi.org/10.1109/IISWC59245.2023.00014
Yin YWu JZhou XEeckhout LQouneh ALi TYu Z(2020)COPA: Highly Cost-Effective Power Back-Up for Green DatacentersIEEE Transactions on Parallel and Distributed Systems10.1109/TPDS.2019.294833631:4(967-980)Online publication date: 16-Jan-2020
https://dl.acm.org/doi/10.1109/TPDS.2019.2948336

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents