@inproceedings{c0e9c8c0e3c64648b522a9e88ec658b3,
title = "X-Pro: Distributed XDP Proxies Against Botnets of Things",
abstract = "The steadily increasing Internet of Things (IoT) devices are vulnerable to be used as bots to launch distributed-denial-of-service (DDoS) attacks. In this paper, we present X-Pro, a distributed XDP proxy to counteract DDoS attacks. We propose a source-based defense mechanism where proxies located between the IoT devices and the victim performs flow policing on all IoT traffic from a single administrative domain. The proposed proxy architecture can be integrated in widely used IoT frameworks as well as telecommunication networks. The proxies are working synchronously to block bogus messages and to detect traffic levels above predefined thresholds. Our implementation leverages eXpress Data Path (XDP), a programmable packet processing in the Linux kernel, as the main engine in the proxy. We evaluate X-Pro from several standpoints and conclude that our solution offers efficient DoS traffic blocking for both low-rate or massive attacks. Depending on the device side implementation selection, the computational overhead is cheap at the cost of some bandwidth loss.",
keywords = "Denial of Service, Proxy, Security",
author = "Atiiq, {Syafiq Al} and Christian Gehrmann",
year = "2021",
doi = "10.1007/978-3-030-91625-1_4",
language = "English",
isbn = "9783030916244",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Science and Business Media B.V.",
pages = "51--71",
editor = "Nicola Tuveri and Antonis Michalas and Brumley, {Billy Bob}",
booktitle = "Secure IT Systems - 26th Nordic Conference, NordSec 2021, Proceedings",
address = "United States",
note = "26th Nordic Conference on Secure IT Systems, NordSec 2021 ; Conference date: 29-11-2021 Through 30-11-2021",
}