Francesco Da Dalt (ETH Zürich), Adrian Perrig (ETH Zurich)

Heavy–hitter detection underpins line-rate DDoS mitigation and rate-limiting, yet its resilience against adaptive adversaries is largely unexplored. We build an end-to-end evaluation framework that embeds heavy-hitter detection logic in a switch-level simulator, and auto-tunes its parameters using reinforcement learning to rate-limit elephant flows in the network. We subsequently confront the protection system with an adaptive adversary that learns to maximize throughput while evading detection and show that it manages to breach the configured bandwidth cap by up to 299%, exposing systematic blind spots. To harden the monitoring system we apply a form of joint adversarial training: detector and adversary co-evolve and reach an attack-defense Nash equilibrium in which the attacker’s ability to exploit network bandwidth has been reduced by a factor 2.2×. Lastly, we show that it is possible to use machine learning to create smart packet-synthesizers which are able to perform bandwidth exploits on 8 out of 9 tested systems, without any prior knowledge on the targeted detection system. We refer to this as a zero-shot attack as it does not require knowledge about the targeted heavy-hitter detection system to perform its function. Our open-source framework helps quantify underilluminated attack surfaces and provides a constructive approach towards adversarially robust data-plane flow monitoring.

View More Papers

One Email, Many Faces: A Deep Dive into Identity...

Mengying Wu (Fudan University, China), Geng Hong (Fudan University, China), Jiatao Chen (Fudan University, China), Baojun Liu (Tsinghua University, China), Mingxuan Liu (Zhongguancun Laboratory, China), Min Yang (Fudan University, China)

Read More

SoK: Cryptographic Authenticated Dictionaries

Harjasleen Malvai (University of Illinois, Urbana-Champaign), Francesca Falzon (ETH Zürich), Andrew Zitek-Estrada (EPFL), Sarah Meiklejohn (University College London), Joseph Bonneau (NYU)

Read More

Evaluating Impact of Coverage Feedback on Estimators for Maximum...

Nelum Attanayake (School of Computer Science, University of Sydney), Danushka Liyanage (School of Computer Science, University of Sydney), Clement Canonne (School of Computer Science, University of Sydney), Suranga Seneviratne (School of Computer Science, University of Sydney), Rahul Gopinath (School of Computer Science, University of Sydney)

Read More