1 Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks Udi Ben-Porat Tel-Aviv University, Israel Anat Bremler-Barr IDC Herzliya,

Presentation transcript:

1 Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks Udi Ben-Porat Tel-Aviv University, Israel Anat Bremler-Barr IDC Herzliya, Israel Hanoch Levy ETH Zurich, Switzerland

2 Study Objective
- Propose a DDoS Vulnerability performance metric: the Vulnerability Measure
  - To be used in addition to traditional system performance metrics
- Understanding the vulnerability of different systems to sophisticated attacks
This Talk
- Describe the DDoS Vulnerability performance metric
- Demonstrate the metric's impact on the Hash Table, which is very common in networking
  - Performance (traditional): OPEN equivalent to CLOSED
  - Vulnerability analysis: OPEN << CLOSED!!

3 Distributed Denial of Service (DDoS)
- Attacker adds more regular users
- Loading the server degrades the performance
[Figure: attacker and server; server performance under Normal, DDoS and S. DDoS]

4 Sophisticated DDoS
- Attacker adds sophisticated malicious users
- Each user creates maximal damage (per attack budget)
[Figure: attacker and server; server performance under Normal, DDoS and S. DDoS]

5 Sophisticated Attacks Examples
- Simple example: database server
  - Make hard queries
  - Goal: consume CPU time
- Sophisticated attacks in the research:
  - Reduction of Quality (RoQ) Attacks on Internet End-Systems. Mina Guirguis, Azer Bestavros, Ibrahim Matta and Yuting Zhang. INFOCOM 2005
  - Low-Rate TCP-Targeted Denial of Service Attacks. A. Kuzmanovic and E. W. Knightly. Sigcomm 2003
  - Denial of Service via Algorithmic Complexity Attacks. Scott A. Crosby and Dan S. Wallach. Usenix 2003

6 Our goal
- Proposing a vulnerability measurement for all sophisticated DDoS attacks: the Vulnerability Measurement
- Understanding the vulnerability of different systems to sophisticated attacks
  - Later: Hash Tables and Queuing

7 Vulnerability Factor Definition
- Vulnerability = v means: a malicious user degrades the server performance v times more than a regular user
- Performance Degradation Scales (st = Malicious Strategy)

8 Vulnerability Factor Definition
[Figure: performance after adding users with budget = c, for Normal DDoS and for S. DDoS]

9 Demonstration of Vulnerability metric: Attack on Hash Tables
- Central component in networks
- A hash table is a data structure based on a hash function and an array of buckets.
- Operations: Insert, Search and Delete of elements according to their keys.
[Figure: the user sends Insert(element) to the server; Hash(key) selects one of the buckets]

10 Hash Tables
- Open Hash: bucket = list of elements that were hashed to that bucket
- Closed Hash: bucket = one element; on a collision the array is repeatedly probed until an empty bucket is found

11 Performance Factors
- In Attack: while the attack is on, the attacker's operations are CPU intensive -> CPU loaded
- Post Attack: loaded table -> insert/delete/search operations suffer
Vulnerability: OPEN vs. CLOSED
- Traditional performance: OPEN = CLOSED*
- What about vulnerability? OPEN = CLOSED?
(* when the buckets array of the closed hash is twice as big)

12 Attacker strategy (InsStrategy)
- Strategy: insert k elements (cost = budget = k) where all elements hash into the same bucket ( )
- Theorem: InsStrategy is optimal for both performance factors
Attack Results
- Closed Hash: cluster
- Open Hash: one long list of elements

13 In Attack: Resource Consumption
V =
Analytic results: Open Hash: Closed Hash:
In every malicious insertion, the server has to traverse all previously inserted elements (+ some existing elements)
Open Hash Closed Hash V =

14 Post Attack: Operation Complexity
- Open Hash: Vulnerability = 1. No post-attack degradation in Open Hash (only a small chance to traverse the malicious list)
- Closed Hash: big chance the operation has to traverse part of the big cluster
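
Added example, not part of the original slides: a Python measurement of the vulnerability factor behind slides 12 to 14, comparing a budget of k same-bucket insertions with k regular insertions on both table types. Assumptions made here: a toy hash `key % m`, linear probing for the Closed Hash, V taken as the ratio of malicious to regular degradation for the same budget, and the table sizes, load, k and target bucket 7.

```python
import random

class OpenHash:                      # bucket = list of elements (chaining)
    def __init__(self, m):
        self.m, self.b = m, [[] for _ in range(m)]
    def insert(self, key):
        chain = self.b[key % self.m]
        chain.append(key)
        return len(chain)            # elements already in the chain + the new one
    def probe_cost(self, i):         # cost of an operation that hashes to bucket i
        return len(self.b[i]) + 1

class ClosedHash:                    # bucket = one element, linear probing (assumed)
    def __init__(self, m):
        self.m, self.b = m, [None] * m
    def probe_cost(self, i):         # probes until the first empty bucket
        n = 1
        while self.b[i] is not None:
            i, n = (i + 1) % self.m, n + 1
        return n
    def insert(self, key):
        n = self.probe_cost(key % self.m)
        self.b[(key + n - 1) % self.m] = key
        return n

def mean_cost(t):                    # exact mean cost for a uniformly hashed key
    return sum(t.probe_cost(i) for i in range(t.m)) / t.m

def run(cls, m, n_regular, k, malicious, seed=1):
    rng = random.Random(seed)
    t = cls(m)
    for _ in range(n_regular):       # constructed pre-existing regular load
        t.insert(rng.randrange(10**9))
    before = mean_cost(t)
    keys = ([7 + m * j for j in range(k)] if malicious   # all hash to bucket 7
            else [rng.randrange(10**9) for _ in range(k)])
    in_attack = sum(t.insert(x) for x in keys)           # work done during the attack
    return in_attack, mean_cost(t) - before              # and post-attack degradation

def vulnerability(cls, m, n_regular=256, k=64):
    mal, reg = run(cls, m, n_regular, k, True), run(cls, m, n_regular, k, False)
    return mal[0] / reg[0], mal[1] / reg[1]              # (in-attack V, post-attack V)

if __name__ == "__main__":
    # Closed hash gets twice the buckets, as in the footnote on slide 11.
    for name, cls, m in (("open", OpenHash, 512), ("closed", ClosedHash, 1024)):
        v_in, v_post = vulnerability(cls, m)
        print(f"{name:6s} hash: in-attack V = {v_in:.1f}, post-attack V = {v_post:.1f}")
```

Both tables show a large in-attack factor, while only the closed hash keeps a post-attack factor above 1, because the cluster left behind lengthens probes for every key that lands in it.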

15 Post Attack: account for queuing
- Requests for the server are queued up
- Vulnerability of the (post attack) Waiting Time?
[Figure: request queue in front of the Hash Table server]

16 Post Attack Waiting Time
- Open Hash: Vulnerable!! While in the model of Post Attack Operation Complexity the Open Hash is not vulnerable!
- Closed Hash: drastically more vulnerable, because clusters increase the second moment of the hash operation times
- No longer stable for Load > 48% (Stability Point)

17 Conclusions
- Closed Hash is much more vulnerable than Open Hash to DDoS, even though the two systems are considered equivalent under traditional performance evaluation.
- After the attack has ended, regular users still suffer from performance degradation.
- Applications using a hash in the Internet, where there is a queue before the hash, have high vulnerability.

18 Related Work
- The alternative measure: Potency [RoQ]
  - Was defined only for RoQ
  - Only counts the performance degradation of a specific attack
    - Vulnerability measures the system
  - Meaningless without additional numbers
    - Vulnerability is meaningful information based on this number alone
- Analyzing Hash: comparing Closed to Open Hash, also analyzing the post-attack performance degradation (Denial of Service via Algorithmic Complexity Attacks, Scott A. Crosby and Dan S. Wallach, Usenix 2003)

19 Questions?