The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Xiaoqi Chen

Students: Spring 2025, unless noted otherwise, sessions will be virtual on Zoom.

SmartCookie: Blocking Large-Scale SYN Floods with a Split-Proxy Defense on Programmable Data Planes

Oct 16, 2024

Download: Video Icon MP4 Video Size: 168.6MB  
Watch on Youtube Watch on YouTube

Abstract

Despite decades of mitigation efforts, SYN flooding attacks continue to increase in frequency and scale, and adaptive adversaries continue to evolve. In this talk, I will briefly introduce some background on the SYN flooding attack, existing defenses via SYN cookies and challenges to scale them to very high line rate (100Gbps+), and then present our latest work SmartCookie (USENIX Security '24). SmartCookie's innovative split-proxy defense design leverages high-speed programmable switches for fast and secure SYN cookie generation and verification, while implementing a server-side agent using eBPF to enable scalability for serving benign traffic. SmartCookie can defend against attack rate up to 130+ million packet per second with no packet loss, while also achieving 2x-6.5x lower end-to-end latency for benign traffic compared to existing switch-based hardware defenses.

About the Speaker

Xiaoqi Chen
Xiaoqi Chen recently joined as an assistant professor at the School of Electrical and Computer Engineering, Purdue University. His research focuses on utilizing algorithm design for high-speed network data planes to improve network measurement and telemetry, implement closed-loop optimization for intelligent resource allocation and congestion control, as well as to enable novel approaches for enhancing network security and privacy.


Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!