Shrew Attack in Cloud Data Center Networks

Multi-tenancy and lack of network performance isolation among tenants together make the public cloud vulnerable to attacks. This paper studies one of the potential attacks, namely, low-rate denial-of-service (DoS) attack (or textit{Shrew} attack for short), in cloud data center networks (DCNs). To explore the feasibility of launching Shrew attack from the perspective of a normal external tenant, we first leverage a loss-based probe to identify the locations and capabilities of the underlying bottlenecks, and then make use of the low-latency feature of DCNs to synchronize the participating attack flows. Moreover, we quantitatively analyze the necessary and sufficient traffic for an effective attack. Using a combination of analytical modeling and extensive experiments, we demonstrate that a tenant could initiate an efficient Shrew attack with extremely little traffic, e.g., milliseconds-long burst traffic, which imposes significant difficulty for the switching boxes and counter-DoS mechanisms to detect. We identify that both the conventional protocol assumption and new features of DCNs enable such Shrew attack, and new techniques are required to thwart it in the DCNs.