Inferring Internet Denial-of-Service Activity
Authors: David Moore, Geoffrey M. Voelker and Stefan Savage; University of California, San Diego
Published: USENIX Security Symposium 2001
Presenter: Xingbo Gao

Outline
- Contribution
- Motivation
- Introduction to Denial-of-Service (DoS) attacks
- Basic methodology
- Attack classification
- Results
- Strengths, weaknesses and improvements

Contribution
- Presented a novel technique, "backscatter analysis", to estimate worldwide DoS activity
- Performed a three-week long experiment on a real /8 network and classified the observed DoS attacks quantitatively

Motivation
How prevalent are DoS attacks in the Internet today?
- How often do they occur?
- Which attack protocols are used?
- What is the attack rate?
- How long do attacks last?
- Who are the victims (names and domains)?
- And more ...

DoS Attack Introduction
Devastating
- Feb: a "fast" and "intense" assault took down Yahoo, eBay and E*Trade
  - Yahoo's main site was unreachable for around three hours on Monday
  - "This was so fast and so intense that we couldn't even redirect our traffic," a Yahoo spokesperson said. (CNN)
- Jan: a manual misconfiguration of a router made Microsoft's websites unreachable on Tuesday and Wednesday; they were inaccessible throughout Thursday due to a DoS attack (PC World)
- The FBI investigated both incidents ...

DoS Attack Introduction - contd
Logic attacks: exploit software flaws
- Ping-of-Death
Flooding attacks: overwhelm CPU, memory or network resources
- SYN flood
- TCP ACK, NUL, RST and DATA floods
- ICMP Echo Request floods
- And so on ...

DoS Attack Introduction - contd
SYN flood
[Diagram: normal TCP handshake between S and D. S sends SYN x; D goes from LISTEN to SYN_RECVD and answers SYN y, ACK x+1; S answers ACK y+1 and the connection is CONNECTED. Attack: A sends D a SYN with a non-existent, spoofed source address; D moves to SYN_RECVD and sends its SYN+ACK to the spoofed address, which never answers with the final ACK (or a TCP RST), so half-open connections accumulate and port flooding occurs.]

DoS Attack Introduction - contd
Distributed denial-of-service attack (DDoS)
- Control a group of "zombie" hosts to launch an assault on specific target(s)
- A botnet can perform the DDoS attack
IP spoofing
- Attackers forge IP source addresses
- A simple technique, but very difficult to trace back
- "Backscatter" analysis is based on IP spoofing

Basic Methodology - Backscatter
[Figure: the Attacker sends packets with spoofed source addresses B, D and E to the Victim; the Victim's replies, the backscatter, go to B, D and E instead of back to the attacker.]

Experimental Platform
[Figure: the Internet, connected through a Hub to the monitored /8 network and the Monitor.]
- n: number of distinct IP addresses monitored
- m: number of attacking packets
- R': measured average inter-arrival rate of backscatter
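The extrapolation behind n, m and R' as an added worked example (not code from the paper or the slides): it assumes a monitor covering n of the 2^32 IPv4 addresses and attackers that pick spoofed source addresses uniformly at random, so each victim reply lands in the monitored block with probability n / 2^32; the monitor size and arrival times below are constructed.

```python
# Added example, not from the paper or the slides. Assumes uniformly random
# spoofed source addresses, so a fraction n / 2**32 of the victim's replies
# (the backscatter) lands inside the n monitored addresses.
IPV4_SPACE = 2 ** 32


def expected_backscatter(m: int, n: int) -> float:
    """Expected number of backscatter packets the monitor sees when the victim
    sends m replies (one per spoofed attack packet)."""
    return m * n / IPV4_SPACE


def estimate_attack_rate(r_prime: float, n: int) -> float:
    """Extrapolate the victim's reply rate R (packets/s) from the backscatter
    rate R' measured at the monitor: R >= R' * 2**32 / n. This is a lower
    bound, since filtering and rate limiting suppress some replies."""
    return r_prime * IPV4_SPACE / n


def measured_rate(arrivals: list) -> float:
    """R' for one victim: the inverse of the mean inter-arrival time of its
    backscatter packets at the monitor (needs at least two packets)."""
    if len(arrivals) < 2:
        raise ValueError("need at least two backscatter packets")
    span = max(arrivals) - min(arrivals)
    return (len(arrivals) - 1) / span


def attack_rate_from_backscatter(arrivals: list, n: int) -> float:
    """Full pipeline: arrival timestamps at the monitor -> R' -> estimated R."""
    return estimate_attack_rate(measured_rate(arrivals), n)


# Constructed sample: a /8 monitor (n = 2**24 addresses) sees one backscatter
# packet every 0.5 s from a single victim for 60 seconds.
MONITOR_SIZE = 2 ** 24
SAMPLE_ARRIVALS = [0.5 * i for i in range(121)]

if __name__ == "__main__":
    print("R' =", measured_rate(SAMPLE_ARRIVALS), "pkt/s at the monitor")
    print("R  >=", attack_rate_from_backscatter(SAMPLE_ARRIVALS, MONITOR_SIZE), "pkt/s at the victim")
```

With a /8 the scaling factor 2^32 / n is exactly 256, so a 2 pkt/s trickle of backscatter implies at least 512 pkt/s of attack traffic hitting the victim.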

Attack Classification
Flow-based classification
- A flow is a series of consecutive packets sharing the same target IP address and IP protocol
- Flow lifetime: fixed five-minute timeout approach
- Reduce noise and misconfiguration traffic by setting thresholds
- Extract packet information from flows
Event-based classification
- The flow-based view obscures time-domain characteristics
- An attack event is defined by a victim emitting at least ten backscatter packets in one minute
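Both groupings from this slide as an added example (not the paper's code): flows keyed by victim address and IP protocol with the five-minute timeout, and one-minute attack events with the ten-packet threshold, run over a constructed list of backscatter records.

```python
# Added example, not the paper's code. Input records are constructed
# (timestamp_seconds, victim_ip, ip_protocol) tuples as a monitor would log them.
from collections import defaultdict

FLOW_TIMEOUT = 5 * 60     # a flow ends after five minutes without a packet
EVENT_WINDOW = 60         # event-based view uses one-minute buckets
EVENT_MIN_PACKETS = 10    # a victim must emit >= 10 backscatter packets/minute


def flows(packets, timeout=FLOW_TIMEOUT):
    """Group packets into flows keyed by (victim, protocol); a gap longer than
    `timeout` between consecutive packets starts a new flow."""
    open_flows, out = {}, []
    for ts, victim, proto in sorted(packets):
        f = open_flows.get((victim, proto))
        if f is None or ts - f["end"] > timeout:
            if f is not None:
                out.append(f)
            f = {"victim": victim, "proto": proto, "start": ts, "end": ts, "count": 0}
            open_flows[(victim, proto)] = f
        f["end"] = ts
        f["count"] += 1
    out.extend(open_flows.values())
    return sorted(out, key=lambda f: f["start"])


def attack_events(packets, window=EVENT_WINDOW, threshold=EVENT_MIN_PACKETS):
    """Event-based view: {victim: [start of each one-minute bucket in which the
    victim emitted at least `threshold` backscatter packets]}."""
    counts = defaultdict(int)
    for ts, victim, _ in packets:
        counts[(victim, ts // window * window)] += 1
    events = defaultdict(list)
    for (victim, bucket), c in sorted(counts.items()):
        if c >= threshold:
            events[victim].append(bucket)
    return dict(events)


# Constructed sample: 10.0.0.1 emits a 12-packet TCP burst (SYN+ACK backscatter,
# protocol 6), goes quiet for ~15 minutes, then sends 3 more; 10.0.0.2 sends
# 4 ICMP replies (protocol 1) spaced 200 s apart, within one flow timeout.
SAMPLE = (
    [(i, "10.0.0.1", 6) for i in range(12)]
    + [(900 + 20 * i, "10.0.0.1", 6) for i in range(3)]
    + [(30 + 200 * i, "10.0.0.2", 1) for i in range(4)]
)
```

Only the first burst qualifies as an attack event; the slow ICMP trickle is a single flow but never reaches ten packets in any minute.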

Experimental Results
[Figure: breakdown of attack protocols]

Attack Frequency
[Figure: estimated number of attacks per hour as a function of time (UTC)]

Attack Rate and Duration
[Figure: cumulative distribution of estimated attack rates in packets per second]
[Figure: probability density of attack durations]

Strengths of the Paper
- Presented a novel technique, "backscatter analysis", to estimate worldwide DoS activity
- Performed a three-week long experiment on a real /8 network and classified the observed DoS attacks quantitatively
- The data is still available for public research

Weaknesses of the Paper
Analysis limitations (assumptions that may not hold)
- Uniformity of spoofed source addresses
- Reliable delivery of backscatter
- The backscatter hypothesis itself (every unsolicited reply is attack backscatter)
The results are difficult to validate
Some scenarios visible in the resulting graphs are left unexplained

How to Improve the Paper?
- Develop a theoretical model of DoS attacks, as has been done for worm propagation?
- Take geography into consideration
- Conduct more research and experiments to fully explain the figures presented

Questions?