1 Sonia Fahmy Ness Shroff Students: Roman Chertov Rupak Sanjel Center for Education and Research in Information Assurance and Security (CERIAS) Purdue.

Presentation transcript:

1 Sonia Fahmy Ness Shroff Students: Roman Chertov Rupak Sanjel Center for Education and Research in Information Assurance and Security (CERIAS) Purdue University October 25th, 2004 Experiments with DDoS and Routing

2 Objectives
- Design, integrate, and deploy a methodology and tools for performing realistic and reproducible DDoS experiments:
  - Tools to configure traffic and attacks
  - Tools for automation of experiments, measurements, and visualization of results
  - Integration of multiple third-party software components
- Understand the testing requirements of different types of third party detection and defense mechanisms
- Gain insight into the phenomenology of attacks including their first-order and their second-order effects, and impact on defenses

3 Accomplishments
- Designed and implemented experimental tools:
  - Scriptable event system to control and synchronize events at multiple nodes
  - Automated measurement tools, log processing tools, and plotting tools
  - Automated configuration of interactive and replayed background traffic, routing, attack parameters, and measurements
- Generated requirements for DETER to easily support the testing of third party products (e.g., ManHunt, Sentivist)

4 Accomplishments (cont’d)
- Analytical characterization, simulations, and experiments for low-rate TCP-targeted DDoS attacks
- Preliminary analysis of BGP behavior during DDoS, and BGP impact on DDoS

5 TCP-Targeted Attacks
- Varied: Attack burst length l and sleep period T-l
- A. Kuzmanovic and E. W. Knightly. Low-rate targeted denial of service attacks. SIGCOMM
- M. Guirguis et al. Exploiting the transients of adaptation for RoQ attacks on Internet resources. ICNP
- H. Sun et al. Defending against low-rate TCP attacks: Dynamic detection and protection. ICNP
- Objective:
  - Understand attack effectiveness (damage versus effort) in terms of application-level, transport-level, and network-level metrics at multiple nodes
[Figure: attack rate versus time; axes: Time, Rate; labels: burst length l, sleep period T-l, rate R]
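An added example (not part of the original slides) of how a defender could recover the burst length l, sleep period T-l and rate R named on this slide from a per-interval rate trace, and why a long-window average alone is a weak signal. The sample trace, the 5 Mbps threshold and all function names are constructed assumptions.

```python
from statistics import mean, median

def find_bursts(rates, threshold):
    """Return (start_index, sample_count) for each run of samples >= threshold."""
    bursts, start = [], None
    for i, r in enumerate(rates):
        if r >= threshold and start is None:
            start = i
        elif r < threshold and start is not None:
            bursts.append((start, i - start))
            start = None
    if start is not None:                      # trace ended inside a burst
        bursts.append((start, len(rates) - start))
    return bursts

def estimate_pulse_train(rates, dt, threshold):
    """Estimate l, T, T-l and R of a periodic burst pattern; None if < 2 bursts."""
    bursts = find_bursts(rates, threshold)
    if len(bursts) < 2:
        return None
    starts = [s for s, _ in bursts]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    med_gap = median(gaps)
    l = median([n for _, n in bursts]) * dt    # burst length l (seconds)
    T = med_gap * dt                           # period T (seconds)
    return {
        "l": l,
        "T": T,
        "sleep": T - l,                        # sleep period T-l
        "R": mean([r for r in rates if r >= threshold]),
        "avg_rate": mean(rates),               # what a long-window average sees
        # periodic if every gap is within one sample of the median gap
        "periodic": all(abs(g - med_gap) <= 1 for g in gaps),
    }

# Constructed trace: 50 ms bins, 5 s long, 10 Mbps bursts of 0.2 s every 1.0 s
# on top of 0.5 Mbps background. Units are Mbps.
DT = 0.05
SAMPLE = [10.0 if (i % 20) < 4 else 0.5 for i in range(100)]

if __name__ == "__main__":
    est = estimate_pulse_train(SAMPLE, DT, threshold=5.0)
    print(est)
    # The average stays far below the burst rate R, so an alarm on the
    # average rate alone (here, an assumed 5 Mbps limit) does not fire.
    print("average-rate alarm:", est["avg_rate"] > 5.0)
```
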

6 Topology

7 Throughput

8 Web Clients/Server

9 Attack Parameters vs. RTT
[Two plots; panel captions: "0.38 Mbps without an attack" and "0.75 Mbps without an attack"]
Client with 63 ms RTT to the server

10 Short RTT
[Two plots; panel captions: "1.00 Mbps without an attack" and "1.40 Mbps without an attack"]
Client with 12.6 ms RTT to the server

11 Attack Unacked data during 5MB file transfer ( sec = KB/sec) ttcp Experiments

12 Emulation vs. Simulation
- Effects of attack sleep period on the average congestion window of a single TCP (SACK) from TTCP tool
- The attack flow is multiplexed with the data flow

13 Routing
- Need to understand magnitude of potential problems, causes, and defenses

14 Scenario
- At 222 sec, nodes 8, 11, and 14 attack node 9 (zebra router running BGP) for 400 seconds.
- No activity for 200 seconds. Allow all nodes to stabilize.
- Nodes 8, 11, and 14 attack node 9 for 400 seconds again.
- Node 36 attacks node 10 (neighbor of node 9) for 400 seconds.

15 # BGP update messages

16 Keep-alives at node 9

17

18 Lessons Learned
- Insights into sensitivity to emulation environment
  - Some effects we observe may not be observed on actual routers and vice versa (architecture and buffer sizes)
  - Emulab and DETER results significantly differ for the same test scenario (CPU speed)
  - Priority for routing packets in Cisco routers
  - Limit on the degree of router nodes, delays, bandwidths
- Difficulties in testing third party products
  - Products (hardware or software) connect to hubs, switches, or routers
  - Layer 2/layer 3 emulation and automatic discovery/allocation can simplify DETER use for testing third party mechanisms
  - Due to licenses, we need to control machine selection in DETER
  - Windows XP is required to test some products, e.g., Sentivist administration interface
  - Difficult to evaluate performance when mechanism is a black box
    - e.g., cannot mark attack traffic and must solely rely on knowledge of attack

19 Plans
- Continue development of experiment automation and instrumentation/plotting tools and documentation
- Design increasingly high fidelity experimental suites
- Continue investigation of TCP-targeted DDoS attacks in more depth, and compare analytical and simulation results with DETER testbed results to identify artifacts

20 Plans (cont’d)
- Investigate routing problems/attacks, and compare with DETER testbed results
- Continue to collaborate with routing team and McAfee team to identify experimental scenarios and build tools for routing experiments