When Mice devour the Elephants: A DDoS attack against size-based scheduling schemes in the internet

Size-based scheduling (SBS) has been shown to offer significant performance improvement in Web servers and routers. However, most of the performance benefits offered by SBS rely on the premise that the scheduler will interact with a “well behaved” heavy tailed job size distribution. In this paper we design an attack that degrades the performance of an SBS scheduler by subjecting it to a job size distribution which violates the core traffic properties from which SBS derives its strengths. Through theoretical work and a wide range of experiments, we demonstrate the lethality of the attack against routers that use SBS. Additionally, we cite evidence that indicates why the tools and practical manoeuvres required to carry out the attack on a live network are within the reach of adversaries. As flavors of SBS begin to grace the Internet, the paper provides a timely cautionary note on the challenges that SBS could face if widely deployed without specialized defense mechanisms.