Design of an Autonomous Anti-DDOS Network (A2D2) Angela Cearns Thesis Proposal Master of Software Engineering University of Colorado, Colorado Springs.


Introduction - DDoS
DDoS – a threat not forgotten
3 main research areas:
- Source Identification (Prevention)
  - ITRACE, Ingress/Egress Filtering
  - More difficult with distributed attack & new tools
  - Most effective when implemented from attackers' networks
- Detection
  - Monitor and identify patterns
- Intrusion Tolerance (Response)
  - Minimize attack impact, maximize QoS
  - Focus of this Thesis

Existing Intrusion Tolerant Architecture – Main Shortcomings
- Rate-Limiting
  - IDS with high false positives → dropped packets from legitimate clients
- Expensive & Extensive Infrastructure
  - XenoService – dynamic duplication
    - Very expensive, all ISPs need to purchase this service
  - Pushback architecture
    - Requires cooperation of ISPs worldwide
  - DARPA IDIP autonomous response network
    - Required protocol is not standard yet

Current Thesis Proposal
- UCSD research
  - A significant share of DDoS attacks targeted home and medium-sized businesses
- This Thesis → Design an Autonomous Anti-DDoS network
  - Integrate/improve existing technologies
  - Easily afforded and implemented by home and small networks

Proposed A2D2 Design & Improvements
Fit real-life scenario
1. Detection
   - Snort: new patch to detect generic flood
   - New module plug-in
2. Autonomic Mitigation
   - Class-based queuing
   - Design new multi-level rate limiting
   - Design new interface to integrate the various methodologies to achieve autonomic response

Proposed A2D2 Design & Improvements
3. Software Engineering Principle Analysis
4. Testing Evaluation
   - Current DDoS research → no common test matrix and test parameters

Thesis Plan & Schedule
1. Requirement Analysis (February 1, 2002 – June )
   - Identify and understand the problem domain
   - Identify the problem
   - Evaluate possible prototypes
   - Define requirements
   - Present proposal and obtain official approval
2. Planning (May 25, 2002 – July 12, 2002)
   - Identify and obtain resources needed
   - Define thesis plan and schedule
3. Design (May 25, 2002 – July 12, 2002)
   - Design initial test-bed prototype and evaluate design effectiveness
   - Refine and finalize test-bed design
   - Refine A2D2 response system design
4. Implementation & Testing (May 30, 2002 – August 30, 2002)
   - Create initial prototype
   - Identify testing techniques before attack network is created
   - Create attack network
   - Refine and create response network
   - Refine autonomous response
5. Project Closure (August 25, 2002 – September 25, 2002)
   - Present final data and obtain approval
   - Create all necessary documentation
   - Thesis defense

Thesis Deliverables
- The network test-bed
  - Attack network + response network
  - Resemble real-life scenario
- The A2D2 response network
- Thesis report
- Software Engineering analysis report

Questions? Suggestions? References: Please refer to Proposal Document