Johns Hopkins University


On the Effect of Router Buffer Sizes on Low-rate Denial of Service Attacks
Sandeep Sarat, Andreas Terzis
Johns Hopkins University

Router Buffers
- Packets are buffered during congestion epochs.
- Buffer sizing.
- "Traditional" rule of thumb:
- [AKM04] result:
- B, B' – buffer size. – average round trip time. N – the number of flows sharing the link. C – the capacity of the link.

Consequences
- Link utilization is not affected by a smaller buffer size [AKM04].
- Question: are denial of service attacks more effective in this setting?
- Router DoS attack categories:
- Brute force: flood the link.
- Low-rate: pulsing attack, with low average rate.

Shrew: Low Rate Denial of Service Attack
- Idea: keep the buffer full for a sufficiently long time: O(RTT).
- Result: multiple drops from the same flow.
- Average attack rate = P*l/T.
- T = min{RTO} of flows (= 1 second).

Shrew Attack (Continued)
- Low-RTT flows penalized more heavily.
- Overall link utilization is reduced.
- Low-rate TCP-targeted denial of service attacks (the shrew vs. the mice vs. the elephant). A. Kuzmanovic, E. Knightly, SIGCOMM 03.

Traffic Analysis
- Minimum input traffic to keep the buffer full for seconds =
- B0 is the instantaneous queue size.
- Worst case scenario: link is fully utilized by TCP and other traffic.
- Total shrew traffic
- Is the fraction of the buffer full at the onset of the attack.

Traffic Analysis (Contd.)
- With a unit increase in m, each shrew needs to increase its mean rate by
- Fair queuing schemes can limit a flow's average sending rate to O(C/N).
- As m increases, shrews are forced to increase their sending rate above the C/N threshold.

Evaluation
- Used ns-2 for verification.
- Classic dumb-bell topology.
- RTTs range uniformly between 20-460 ms [FK02].
- Buffer size is varied as
- Use a fairness-enforcing active queue management (AQM) scheme: RED-PD.

RED-PD
- Use RED packet drop history to determine malicious flows.
- Intuition: more drops → higher bandwidth.
- Configurable target round trip time parameter – R.
- Calculate the average sending rate f of a flow
- P is the ambient loss rate.
- Protects flows with RTT > R.
- We experiment with R = 40 ms and R = 120 ms.

Low-speed Link
- 10 mbps, 20 TCP flows, 1 shrew.
- P = 10 mbps, l = 200 ms, T = 1.2 sec.
- Compare utilization with an equivalent CBR flow.
- Utilization of link: M = 2, R = 120 ms, within 91% of non-shrew scenario.

High Speed Link
- OC-3 (155 mbps).
- 250 flows, 10 shrews (4%).
- P = 20 mbps, l = 200 ms, T = 1.2 s.
- Utilization of link: M = 5, R = 120 ms, within 99% of non-shrew scenario.
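
As an added illustration (not from the original slides), the Python sketch below checks the two simulation settings against the C/N threshold from the traffic analysis: it profiles per-flow rate samples and separates a pulsed over-share flow from the equivalent CBR flow. The 100 ms sampling bin, the flow counts used for N, the 0.5 duty-cycle cutoff (max_duty) and the sample flows are assumptions constructed for the example.

```python
BIN = 0.1  # seconds per rate sample (assumed monitoring granularity)

def pulse_train(peak, burst, period, duration):
    """Constructed per-bin rates (Mbps) for an on/off flow with the slides' P, l, T."""
    per, on = round(period / BIN), round(burst / BIN)
    return [peak if i % per < on else 0.0 for i in range(round(duration / BIN))]

def profile(samples):
    """Mean and peak rate, plus the burst length and period visible in the samples."""
    mean, peak = sum(samples) / len(samples), max(samples)
    active = [peak > 0 and s > 0.5 * peak for s in samples]
    # A burst starts wherever an active bin follows an inactive one.
    starts = [i for i, a in enumerate(active) if a and (i == 0 or not active[i - 1])]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    return {
        "mean": mean,
        "peak": peak,
        "burst": BIN * sum(active) / len(starts) if starts else 0.0,
        "period": BIN * sum(gaps) / len(gaps) if gaps else None,
    }

def classify(samples, capacity, n_flows, max_duty=0.5):
    """Compare a flow's mean rate with C/N and report whether it is steady or pulsed."""
    p = profile(samples)
    if p["mean"] <= capacity / n_flows:
        return "within share"
    # max_duty is a hypothetical cutoff: short bursts relative to the period.
    pulsed = p["period"] is not None and p["burst"] / p["period"] <= max_duty
    return "over share, pulsed" if pulsed else "over share, steady"

if __name__ == "__main__":
    shrew = pulse_train(10, 0.2, 1.2, 12)         # low-speed slide: P, l, T
    cbr = [sum(shrew) / len(shrew)] * len(shrew)  # equivalent CBR flow
    tcp = [0.4] * len(shrew)                      # constructed well-behaved flow
    for name, flow in (("shrew", shrew), ("cbr", cbr), ("tcp", tcp)):
        # N = 21 assumes the 20 TCP flows plus the shrew share the 10 mbps link.
        print(name, profile(flow), classify(flow, 10, 21))
```

The shrew and the equivalent CBR flow have the same mean rate, P*l/T, so a C/N check on the average flags both; only the burst and period fields tell them apart.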

Shrew Rate Increase
- From analysis.
- Increase in buffer size → increase in sending rate.
- Almost linear increase, as analysis shows.
- The shrew rate grows to a considerable proportion of the link capacity: no longer low-rate.

Summary
- A moderate increase in buffer size over the Stanford model renders the shrew ineffective.
- Shrews need to send faster to fill up the buffer, and are no longer low-rate.
- Caveat: we need an AQM scheme to detect the malicious flow.
- Question: can we detect without an AQM scheme?