- Issues, Answers & A Comparison 江政祐 Henry, Cheng-You Chiang


A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks - Issues, Answers & A Comparison 江政祐 Henry, Cheng-You Chiang

Agenda
- Abstract
- INTRODUCTION
- 2.1 Assumptions
- 2.2 Overview of AD and PAD
- 2.5 Analysis of False Positives
- 3.4 Gradual Deployment Considerations
- 4 SIMULATION AND RESULTS
- A Comparison

Abstract - How does this scheme deal with the problem that, nowadays, there exist:
- Numerous DDoS attackers
- Scarce and expensive filter resources

INTRODUCTION - Source of Ideas
- FROM: Current Paper
- FROM: Optimal Filtering for DDoS Attacks

INTRODUCTION - Mitigation techniques can be divided into two categories
FIRST: Regard DDoS defense as a resource allocation problem
- Effectively suppresses attackers that generate traffic at a high rate
- High-rate legitimate traffic may be throttled, causing “collateral damage”
- Not effective against low-rate DDoS attacks

INTRODUCTION - Mitigation techniques can be divided into two categories
SECOND: Two modules: an attack detection module and a packet filtering module
- The attack detection module extracts the characteristics of attack packets, i.e., “attack signatures,” such as source IP addresses or marked IP header values
- After the characteristics have been summarized, the packet filtering module uses this information to filter malicious packets
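The two categories above, contrasted on constructed traffic. This is an added example, not code from the slides or the paper; the addresses, mark values, per-source cap and the assumption of a perfectly accurate detection module are illustrative.

```python
from collections import Counter

# Constructed traffic: (source, mark, malicious). Addresses are from
# documentation ranges; marks are made-up header values. Assumption: the
# detection module labels packets perfectly.
TRAFFIC = (
    [("198.51.100.7", 0xA1, True)] * 900     # high-rate attacker
    + [("203.0.113.9", 0xB2, True)] * 15     # low-rate attacker
    + [("192.0.2.10", 0xC3, False)] * 800    # high-rate legitimate client
    + [("192.0.2.44", 0xD4, False)] * 20     # low-rate legitimate client
    + [("198.51.100.7", 0xA1, False)] * 5    # legitimate packets from the attacking source
)

def rate_limit(traffic, per_source_cap):
    """Category 1: resource allocation, here a hypothetical per-source cap."""
    seen, passed = Counter(), []
    for pkt in traffic:
        seen[pkt[0]] += 1
        if seen[pkt[0]] <= per_source_cap:
            passed.append(pkt)
    return passed

def extract_signatures(traffic):
    """Category 2, detection module: summarize the marks of attack packets."""
    return {mark for _, mark, malicious in traffic if malicious}

def signature_filter(traffic, signatures):
    """Category 2, filtering module: drop packets that match a signature."""
    return [pkt for pkt in traffic if pkt[1] not in signatures]

def summarize(passed):
    """Return (attack packets passed, legitimate packets passed)."""
    attack = sum(1 for pkt in passed if pkt[2])
    return attack, len(passed) - attack

def compare(per_source_cap=100):
    """Run both categories over the same constructed traffic."""
    sigs = extract_signatures(TRAFFIC)
    return {
        "rate_limit": summarize(rate_limit(TRAFFIC, per_source_cap)),
        "signature": summarize(signature_filter(TRAFFIC, sigs)),
    }

if __name__ == "__main__":
    for scheme, (attack, legit) in compare().items():
        print(f"{scheme}: {attack} attack / {legit} legitimate packets passed")
```

Of the 825 legitimate packets, the per-source cap passes only 120 while the low-rate attacker's 15 packets get through untouched. The signature filter passes 820 and drops the 5 legitimate packets that share the attacking source's mark, which is the case the 2.1 Assumptions slide asks about.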

2.1 Assumptions - How about the legitimate traffic from an attacking source!

2.2 Overview of AD and PAD - How to solve the LAN configuration problem

2.2 Overview of AD and PAD - How to deal with the storage issue as the topology gets larger!

2.5 Analysis of False Positives - How about MAC spoofing! The IP address may not be spoofed, but the MAC address may be!

2.5 Analysis of False Positives - The Cause of false positives

3.4 Gradual Deployment Considerations - The same as mentioned earlier: how to deal with the storage issue as the topology gets larger!

4 SIMULATION AND RESULTS - How about a non-treelike, multi-victim TOPOLOGY!

A Comparison - between my work & the paper

END