Dong Xuan*, Sriram Chellappan*, Xun Wang* and Shengquan Wang+

Presentation transcript:

Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks
Dong Xuan*, Sriram Chellappan*, Xun Wang* and Shengquan Wang+
*Dept. of Computer and Information Science, The Ohio State University
+Dept. of Computer Science, Texas A&M University
8/20/2019 The Ohio State University

Outline
- Motivation
- The SOS Architectures
- Intelligent DDoS Attacks
- Analysis
- Related Work
- Final Remarks

Motivation
- Analyze the impacts of design features of the Secure Overlay Services (SOS) architecture on system performance under intelligent DDoS attacks.

The Secure Overlay Service Architecture
- It is an intermediate forwarding overlay system.
- Layering: each node only knows the next-layer nodes.
- Access to the target is controlled by a set of filters.
- The target is known only to the filters.

Design Features
- The number of layers: 3 layers of hierarchy between sources and a target.
- Mapping degree: number of next-layer neighbors.
- Node density: number of nodes per layer.
- Under random congestion attacks, path availabilities are high.

The Generalized SOS Architecture
- Design features are flexible.

Intelligent DDoS Attacks
- Combination of congestion-based attacks and break-in-based attacks.
- Congestion attacks result in a node being non-functional for the duration of the attack.
- Successful break-in attacks result in disclosure of next-layer neighbors.

Combination of Congestion-based and Break-in-based Attacks
- One-burst attack model
  - The attacker attempts to break into nodes all at once, depending on attack resources.
  - The attacker congests the disclosed nodes, and possibly more or fewer, depending on resources.
- Successive attack model
  - The attacker attempts to break into nodes depending on resources, in multiple rounds (R).
- Other attack models are possible too.

The SOS Working Scenario under Intelligent DDoS Attacks
- Some nodes will be compromised (broken-in or congested).
- Forwarding: nodes will select an alive node in the next layer to do forwarding.
- Repair: no repair and repair.

System Performance
- Probability that a client can find a path to communicate with the target, denoted by Ps.
- System performance is affected by the set of compromised nodes.

Analysis Methodology
- A baseline approach: exhaustion. List all possible combinations of compromised nodes across layers, calculate Ps for each combination, and summarize them to get the overall Ps.
- For a system with n nodes across L layers, we have combinations.
- It is not scalable.

Analysis Methodology
- We employ an average-case approach to derive Ps.
- We calculate the average number of compromised nodes in each layer to obtain Ps.
- The key task is to estimate the set of compromised nodes in each layer.

Ps Computation Formula
- We need to estimate individual probabilities (Pi) of finding a path between each layer.
- We need to determine the set of compromised nodes across each layer. It is not easy.
- The main challenge is to discount overlaps among the sets of compromised nodes, e.g., overlaps among disclosed nodes, overlaps among broken-in and disclosed nodes, etc.
- si = ci + bi, where ci and bi are the sets of congested and broken-in nodes respectively.

System Parameters
- System model
  - N overlay nodes, of which n are in the SOS system.
  - The system consists of L layers.
  - Number of nodes in each layer is ni.
  - Mapping degree is mi.
  - Probability that a first-layer node is known to the attacker prior to attacks is Pe.
  - Probability of a node being broken into is Pb.
  - Probability that a node in layer i has a neighbor in layer i+1 is Pi.
- Attacker resources
  - Nt break-in resources.
  - Nc congestion resources.

Ps Computation under the One-burst Attack Model
- Total number of broken into nodes in layer i are given by
- Total number of congested nodes in layer i are given by
  - When Nc ≥ Nd
  - When Nc < Nd
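
Ps under the one-burst model can also be estimated by simulation, where the overlap among broken-in, disclosed and congested nodes is discounted with plain set unions. This is an added example, not the authors' code or their average-case formulas; the random mapping, the way break-in attempts are spread over the overlay, treating broken-in nodes as unusable, the even node distribution, and the name simulate_ps are all assumptions.

```python
import random

def simulate_ps(layers, m, N, Nt, Nc, Pb, Pe, trials=500, seed=1):
    """Monte Carlo estimate of Ps under a one-burst attack (assumed model details).

    layers: nodes per layer n_i; m: mapping degree (same for every layer);
    N: overlay size; Nt/Nc: break-in/congestion resources (Nc <= N);
    Pb: break-in success probability; Pe: chance a first-layer node is pre-known.
    """
    rng = random.Random(seed)
    n = sum(layers)
    # SOS nodes are overlay ids 0..n-1, grouped layer by layer (assumption).
    ids, start = [], 0
    for size in layers:
        ids.append(range(start, start + size))
        start += size
    successes = 0
    for _ in range(trials):
        # Each node, and the client, knows m random nodes of the next layer.
        nbrs = {v: rng.sample(ids[i + 1], m)
                for i in range(len(layers) - 1) for v in ids[i]}
        client = rng.sample(ids[0], m)
        # Break-in: pre-known first-layer nodes first, then random overlay nodes.
        known = [v for v in ids[0] if rng.random() < Pe][:Nt]
        targets = set(known) | set(rng.sample(range(N), Nt - len(known)))
        broken = {v for v in targets if v < n and rng.random() < Pb}
        # Disclosure: next-layer neighbors of broken-in nodes, overlap removed.
        disclosed = sorted({w for v in broken for w in nbrs.get(v, [])} - broken)
        # Congestion: all disclosed nodes plus random extras if Nc >= Nd,
        # otherwise a random Nc-subset of the disclosed nodes.
        if Nc >= len(disclosed):
            extra = rng.sample(range(N), Nc - len(disclosed))
            congested = set(disclosed) | set(extra)
        else:
            congested = set(rng.sample(disclosed, Nc))
        dead = broken | congested          # s_i = c_i + b_i as a set union
        # Forwarding: follow only alive nodes from the client to the last layer.
        frontier = {v for v in client if v not in dead}
        for _hop in range(len(layers) - 1):
            frontier = {w for v in frontier for w in nbrs[v] if w not in dead}
        successes += bool(frontier)
    return successes / trials

if __name__ == "__main__":
    # Parameter values from the sensitivity slide; node split per layer is assumed.
    for L in (3, 4, 5):
        print(L, simulate_ps([100 // L] * L, 2, 10_000, 200, 2000, 0.5, 0.2))
```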

Ps Computation under the Successive Attack Model
- Total number of broken into nodes in layer i are given by
- Total number of congested nodes in layer i are given by
  - When Nc < Nd

Sensitivity of Ps to Layer, Mapping Degree and Node Distribution
- N = 10,000, n = 100, Nc = 2000, Nt = 200, R = 3, Pb = 0.5, Pe = 0.2.
- L = 4 is best.
- mi = 1 to 2 seems best.
- Increasing node distribution performs best.

Sensitivity of Ps to Break-in Attack Intensity
- N = 10,000, n = 100, Nc = 2000, R = 3, Pb = 0.5, Pe = 0.2, L = 4.
- Ps is more sensitive to mi with increasing Nt.
- Stable portion due to advantages offered by layering.

Summary of Observations
- L = 3 is not the best choice.
- Mapping degree and number of layers have opposite effects on resilience to break-in and congestion attacks.
  - Fewer layers offer more protection against congestion-based attacks, but are not good under break-in attacks.
  - A larger mapping degree offers more protection against congestion-based attacks, but is not good under break-in attacks.
- Increasing node distribution performs best in general.

Our On-Going Work
- We are investigating the system performance under dynamic repair.
- Dynamic repair can be classified as:
  - Reactive repair
  - Proactive repair

Reactive Repair
- Reactive approaches can work if the system responds very quickly.

Proactive Repair
- N = 5000, n = 40, mi = 1 to 5, Nt = 1000, Nc = 2000.
- Proactive approaches work more effectively than reactive approaches.
- We plan to study a combination of proactive and reactive approaches.

Related Work
- SOS focuses on system structure and dynamics under random congestion attacks. The layer number in SOS is fixed as 3. SOS does not consider break-in attacks.
- MAYDAY generalizes work in terms of providing solutions to security threats in the overlay. It does not discuss design features.
- UCSD work attempts to analyze intermediate forwarding systems under a simple break-in-attack-like model. They do not consider the congestion-based attack and their combinations.

Final Remarks
- Contributions
  - We generalize the SOS architecture, making the design flexible.
  - We define two novel and 'intelligent' DDoS attack models and an analysis approach that can be applied to analyze other similar systems.
  - Our work provides strong guidelines to designers of such systems to enhance their resilience.
- Open Issues
  - More sophisticated attack models.
  - Timely delivery.
  - Dynamic repair (in progress).
  - Underlying network attack model (in progress).
  - Self-healing systems under attacks.