KEYNOTE OF THE FUTURE 3: DAVID BECKETT CSIT PhD Student QUEEN’S UNIVERSITY BELFAST.

Detection, Mitigation and Prevention of Emerging Application Layer DDoS Attacks
David Beckett, PhD Student, @CSIT_QUB
20/03/2015

- Overview of Distributed Denial of Service (DDoS)
- Emerging Application Layer Attacks
- State of the art Detection and Mitigation methods
- Future Plans
DDoS - Distributed Denial of Service

Distributed Denial of Service (DDoS) Attack: an attempt to make a network or server unavailable to its intended users.

DDoS Attacks 2010

Types of Attacks
- Infrastructure Layer (3,4): Bandwidth, CPU, Conns
- Application Layer (7): CPU, Mem, Sessions

DDoS attack types observed by Arbor Networks (2014)

Why will application layer attacks become popular?
- L3/L4 DDoS: the CDN absorbs the attack. Content Delivery Networks cache static content on a global network with large infrastructure; firewall protection adds SYN cookies and signature rules for fragmented packets.
- Dynamic Application Layer Attack: bypasses CDN protection, requires lower bandwidth, and is difficult to detect.

Emerging Application Layer Attacks (Layer 7 Request Floods; resources exhausted: CPU, Mem, Sessions)
- HTTP GET – the attacker profiles the website and requests resources with large computation loads.
- HTTP POST – Slow POST attack: sends a 1000 byte form post, 1 byte every 110 seconds.
- SSL attack – creates many SSL connections; the server has a larger workload than the client.

State of the Art Detection Methods
- User behaviour: resource popularity; page transitions using a Hidden Markov Model (e.g. Home → Item → Basket → Pay, with transition times of 3s, 9s, 4s)
- Layer 7 timing statistics: compare page size vs browsing time; GET/POST request frequencies
- Hidden decoy links
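The three detection ideas above (hidden decoy links, page size versus browsing time, and the request-body rate that exposes the slow POST described on the previous slide) can all be evaluated from an ordinary access log. The following is an added example, not code from the talk: it assumes a simplified, hypothetical log line format, hypothetical decoy paths under `/__decoy/`, and thresholds chosen for the constructed sample data.

```python
"""Layer-7 DDoS heuristics over web-server access logs (added example).

Assumed (hypothetical) log line format, one request per line:
    <epoch_seconds> <client_ip> <method> <path> <request_body_bytes> <response_bytes> <duration_ms>
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Hypothetical decoy paths: present in the HTML but invisible to a person,
# so only a script that follows every link will request them.
DECOY_PATHS = {"/__decoy/offer.html", "/__decoy/archive.html"}

# Thresholds are assumptions chosen for the constructed data below.
MIN_SECONDS_PER_KB = 0.5      # a person needs at least this long per KB of page served
MIN_POST_BYTES_PER_SEC = 1.0  # a real form submission arrives far faster than this
MIN_REQUESTS_FOR_TIMING = 4   # fewer requests than this is too little to judge browsing speed


@dataclass
class ClientStats:
    requests: int = 0
    response_bytes: int = 0
    decoy_hits: int = 0
    slow_posts: int = 0
    first_ts: Optional[float] = None
    last_ts: Optional[float] = None


def parse_line(line):
    ts, ip, method, path, req_bytes, resp_bytes, dur_ms = line.split()
    return float(ts), ip, method, path, int(req_bytes), int(resp_bytes), int(dur_ms)


def collect(lines):
    """Aggregate per-client counters from the log lines."""
    stats = defaultdict(ClientStats)
    for line in lines:
        ts, ip, method, path, req_bytes, resp_bytes, dur_ms = parse_line(line)
        c = stats[ip]
        c.requests += 1
        c.response_bytes += resp_bytes
        c.first_ts = ts if c.first_ts is None else min(c.first_ts, ts)
        c.last_ts = ts if c.last_ts is None else max(c.last_ts, ts)
        if path in DECOY_PATHS:
            c.decoy_hits += 1
        if method == "POST":
            # Slow POST: the body trickles in (the slide's 1 byte every 110 s),
            # holding a worker/session for the whole duration.
            rate = req_bytes / max(dur_ms / 1000.0, 1e-6)
            if rate < MIN_POST_BYTES_PER_SEC:
                c.slow_posts += 1
    return stats


def findings(lines):
    """Return {client_ip: [reasons]} for clients whose traffic looks scripted."""
    out = {}
    for ip, c in collect(lines).items():
        reasons = []
        if c.decoy_hits:
            reasons.append("requested hidden decoy link")
        if c.requests >= MIN_REQUESTS_FOR_TIMING:
            # Page size vs browsing time: total bytes served implies a minimum
            # reading time; a client far below it is not reading the pages.
            browsing = c.last_ts - c.first_ts
            expected = (c.response_bytes / 1024.0) * MIN_SECONDS_PER_KB
            if browsing < expected:
                reasons.append("browsing faster than page sizes allow")
        if c.slow_posts:
            reasons.append("slow POST body")
        if reasons:
            out[ip] = reasons
    return out


# Constructed log: one human session, one scripted GET flood that also
# trips a decoy link, and one slow POST (1000 bytes over 110000 s).
SAMPLE_LOG = """\
1000.0 10.0.0.5 GET /home 0 8192 120
1018.0 10.0.0.5 GET /item/42 0 9000 95
1040.0 10.0.0.5 GET /basket 0 7000 80
1055.0 10.0.0.5 POST /pay 400 2048 300
1060.0 10.0.0.5 GET /thanks 0 6000 60
2000.0 198.51.100.7 GET /search?q=a 0 20480 900
2000.5 198.51.100.7 GET /search?q=b 0 20480 910
2001.0 198.51.100.7 GET /__decoy/offer.html 0 512 10
2001.5 198.51.100.7 GET /search?q=c 0 20480 905
2002.0 198.51.100.7 GET /search?q=d 0 20480 920
2003.0 198.51.100.7 GET /search?q=e 0 20480 915
3000.0 203.0.113.9 POST /contact 1000 128 110000000
""".splitlines()

if __name__ == "__main__":
    for ip, reasons in findings(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(reasons))
```

The timing check is deliberately skipped for clients with only a few requests, since one or two hits say nothing about browsing speed; the slow POST check needs no such minimum because a single request already shows the effect on the server.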

State of the Art Mitigation Methods
- User puzzles – CAPTCHAs
- Cryptographic puzzles
- Network puzzles
- Cloud computing

Targeted Detection Approach
- Resource monitoring: CPU usage, memory usage, session usage
- Anomaly detection
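Monitoring the server's own resources rather than client behaviour means the detector looks at the cost of traffic, not its shape: a computation-heavy GET flood shows up as CPU per request rising while the request rate stays ordinary, and a slow POST shows up as sessions per request rising. The following is an added example, not the talk's own detector: it assumes hypothetical per-interval samples of (requests, cpu_percent, mem_mb, sessions), keeps an exponentially weighted baseline of each derived cost metric, and flags an interval whose metric rises more than a chosen number of standard deviations above that baseline.

```python
"""Effect-based anomaly detection on server resource samples (added example).

Assumed (hypothetical) input: one tuple per monitoring interval,
    (requests, cpu_percent, mem_mb, sessions)
"""
import math
from dataclasses import dataclass

ALPHA = 0.2        # EWMA weight for the baseline
Z_THRESHOLD = 3.0  # flag when a metric rises more than 3 sigmas above baseline
WARMUP = 5         # intervals used to seed the baseline before alerting
REL_FLOOR = 0.1    # never let sigma fall below 10% of the mean (flat data would alert on noise)


@dataclass
class Baseline:
    mean: float = 0.0
    var: float = 0.0
    n: int = 0

    def update(self, x):
        # Exponentially weighted mean and variance.
        if self.n == 0:
            self.mean = x
        else:
            d = x - self.mean
            self.mean += ALPHA * d
            self.var = (1 - ALPHA) * (self.var + ALPHA * d * d)
        self.n += 1

    def zscore(self, x):
        sigma = max(math.sqrt(self.var), REL_FLOOR * abs(self.mean), 1e-9)
        return (x - self.mean) / sigma


def derived_metrics(sample):
    """Cost-per-unit metrics: these move when the effect of traffic changes
    even if the request rate looks normal."""
    req, cpu, mem, sessions = sample
    req = max(req, 1)
    sessions = max(sessions, 1)
    return {
        "cpu_per_request": cpu / req,          # heavy GETs push this up
        "sessions_per_request": sessions / req,  # slow POST / SSL hold sessions open
        "mem_per_session": mem / sessions,
    }


def detect(samples):
    """Return {interval_index: [metric names]} for intervals that rise
    above the learned baseline (one-sided: only increases are anomalies)."""
    baselines = {}
    anomalies = {}
    for i, s in enumerate(samples):
        metrics = derived_metrics(s)
        flagged = []
        if i >= WARMUP:
            for name, x in metrics.items():
                if baselines[name].zscore(x) > Z_THRESHOLD:
                    flagged.append(name)
        if flagged:
            anomalies[i] = flagged
            continue  # do not let an attack interval poison the baseline
        for name, x in metrics.items():
            baselines.setdefault(name, Baseline()).update(x)
    return anomalies


# Constructed samples: eight ordinary intervals, then an interval where the
# request count is normal but CPU jumps (heavy GETs), then one where sessions
# balloon while requests stay low (slow POST).
SAMPLES = [
    (100, 20, 512, 100),
    (104, 21, 515, 103),
    (97, 19, 508, 98),
    (101, 20, 512, 101),
    (99, 20, 510, 100),
    (103, 21, 514, 102),
    (98, 19, 509, 99),
    (100, 20, 511, 100),
    (95, 70, 520, 100),   # index 8: CPU per request ~0.74 vs baseline ~0.20
    (90, 19, 900, 600),   # index 9: sessions per request ~6.7 vs baseline ~1.0
]

if __name__ == "__main__":
    for idx, names in detect(SAMPLES).items():
        print(f"interval {idx}: {', '.join(names)}")
```

Skipping the baseline update on flagged intervals is what keeps a low-rate attack visible: if the attack's resource cost were folded into the baseline, the detector would learn to accept it within a few intervals.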

Targeted Mitigation Approach
- Use of Software Defined Infrastructure (SDI) to re-route suspicious traffic to decoy servers
- Minimise damage
- Further analysis
- Scale server resources

Summary and Future Plan
- Identify attackers by their effect, not their behaviour
- Lightweight
- Detect low rate attacks
- Can detect zero day attacks
Future Plans
- Creation of attack classifier
- Further development of test bed