EMIST DDoS Experimental Methodology Alefiya Hussain January 31, 2006.

Presentation transcript:

EMIST DDoS Experimental Methodology Alefiya Hussain January 31, 2006

Outline
- Sparta effort on methodology
- Xiaowei Yang at UCI
- Tool Internals – Brett Wilson
- Purdue – Sonia Fahmy

SPARTA Team Participants
DETER – Steve Schwab, Ron Ostrenga, Brad Harris, David Balenson
EMIST DDoS – Steve Schwab, Brett Wilson, Ron Ostrenga, Alefiya Hussain, Calvin Ko, Roshan Thomas, Brad Harris

Objectives
A methodology should provide a sequence of well-defined steps which can guide an experimenter in defining and conducting their evaluation.
- Define a canonical DDoS experiment
- Provide a set of resources
- Detail the process of conducting comparable DDoS experiments
- Make it relatively easy to create a DDoS experiment scenario
- Create a notational short-hand for describing and comparing experiments
- Archive several experiment descriptions along with data and results to seed the process
- Identify limitations of simulation and emulation, and the effect of scale on experimental results

Canonical Experiment Setup
Attack Traffic: FLOOD | STARVATION | EXPLOITS | ROUTING | FUTURE
Background Traffic: REPLAY | HARPOON | DRIVE HARPOON WITH REAL TRACES
Topology: CANONICAL | INTERNET SCALE
Defense Mechanisms: FLOODWATCH | DWARD | COSSACK | PUSHBACK | RED-PD
Devices: CLOUDSHIELD | JUNIPER ROUTERS
Measurements: HOST STATISTICS | PACKET TRACES
Metrics & Visualization: EXTRINSIC NETWORK STATE | INTRINSIC DEFENSE STATE

Defense Mechanisms
- Floodwatch: router-based detection of anomalies
- DWARD: source-end detection of abnormal TCP behavior
- COSSACK: collaborative detection of volume anomalies
- Pushback: router-based detection of congestion
- CloudShield
- RED-PD

CloudShield IXP2800 Appliance
- Available on DETER as an experimental device
- Emulate a router line-card
  – RED Queue Implementation
  – 4 ports x 1 Gigabit Ethernet
- Augment with RED-PD DDoS Defense
  – Identify misbehaving TCP flows or aggregates
  – Create building blocks suitable for exploring the design space of DDoS defenses augmenting line-cards
[Figure: RED-PD DDoS Defense, CloudShield implementation. Blocks: IN, Pre-filter, RED Queue, Attack Detector, Attack Identifier, Classifier, OUT. From "On the Robustness of Router-Based DDoS Defense", Xu and Guerin, Computer Communication Review, July 2005.]

Measurements and Metrics
- Goodput
- Ratio of attack to background traffic
- Link utilization
- Attack rate
Victim/Server:
- Average server response time
- Average server-side application throughput
- Connection completion time
- Rate of failed connections
TCP Flow:
- Throughput per flow
- Loss per flow
Under attack:
- decrease in goodput
- increased aggregate attack rate
- degraded server response time
- decreased server-side application throughput
- increased connection completion time
- increased rate of failed connections
- increased loss per flow
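An added example (not part of the slides or the EMIST tools) that computes four of the metrics above from constructed per-connection records of a baseline run and a run under attack, then reports which metrics moved in the "under attack" direction the slide lists. Record fields, the two runs and their durations are all constructed for the demo.

```python
from statistics import mean

# Constructed per-connection records for two runs (baseline, under attack);
# not data from the EMIST experiments. "end" is None when the connection
# never completed. Attack flows count toward attack bytes only.
BASELINE = [
    {"kind": "bg", "bytes": 50_000, "start": 0.0, "end": 1.0},
    {"kind": "bg", "bytes": 50_000, "start": 0.5, "end": 1.6},
    {"kind": "bg", "bytes": 50_000, "start": 1.0, "end": 2.0},
]
ATTACK = [
    {"kind": "bg", "bytes": 50_000, "start": 0.0, "end": 3.0},
    {"kind": "bg", "bytes": 20_000, "start": 0.5, "end": None},   # failed
    {"kind": "bg", "bytes": 50_000, "start": 1.0, "end": 4.0},
    {"kind": "attack", "bytes": 400_000, "start": 0.0, "end": 4.0},
]

def metrics(records, duration_s):
    """Goodput, attack-to-background ratio, mean completion time, failure rate."""
    bg = [r for r in records if r["kind"] == "bg"]
    bg_bytes = sum(r["bytes"] for r in bg)
    atk_bytes = sum(r["bytes"] for r in records if r["kind"] == "attack")
    done = [r for r in bg if r["end"] is not None]
    return {
        "goodput_Bps": bg_bytes / duration_s,
        "attack_to_bg_ratio": atk_bytes / bg_bytes if bg_bytes else float("inf"),
        "conn_completion_s": mean(r["end"] - r["start"] for r in done) if done else float("inf"),
        "failed_conn_rate": 1 - len(done) / len(bg) if bg else 0.0,
    }

# Metrics that get worse when they rise (the slide's "increased ..." items);
# the remaining metric (goodput) gets worse when it falls.
WORSE_IF_HIGHER = {"attack_to_bg_ratio", "conn_completion_s", "failed_conn_rate"}

def degraded(baseline, under_attack):
    """Names of metrics that moved in the direction a successful attack causes."""
    out = []
    for name, base_val in baseline.items():
        val = under_attack[name]
        if (name in WORSE_IF_HIGHER and val > base_val) or \
           (name not in WORSE_IF_HIGHER and val < base_val):
            out.append(name)
    return sorted(out)
```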

Topology Scaling
- Evaluate defense systems in larger, realistic network topologies
- AS level topologies consist of 300+ nodes
- Prune dormant nodes to create smaller topology
- Size of topology determined by density of attackers and background traffic sources
[Figure: pruned topology with nodes labelled A (attackers), d1, d2, s1, s2 and V (victim)]
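An added example of the pruning step (not code from the EMIST/DETER tools): on a constructed adjacency-list topology, keep only the nodes on some attacker-or-background-source path to the victim and drop the rest. The assumed pruning rule is one shortest path per active source; the slide does not say how dormant nodes are identified. Pruning with fewer active sources yields a smaller topology, as the slide's last bullet states.

```python
from collections import deque

# Constructed AS-style topology as an adjacency list; not one of the
# EMIST/DETER topologies. Attackers A1, A2 and background sources S1, S2
# send toward victim V; the x1..x3 branch carries no experiment traffic.
TOPOLOGY = {
    "A1": ["d1"], "A2": ["d2"], "S1": ["d1"], "S2": ["d3"],
    "d1": ["A1", "S1", "core"], "d2": ["A2", "core"], "d3": ["S2", "core"],
    "core": ["d1", "d2", "d3", "edge", "x1"],
    "edge": ["core", "V"], "V": ["edge"],
    "x1": ["core", "x2"], "x2": ["x1", "x3"], "x3": ["x2"],
}

def shortest_path(graph, src, dst):
    """BFS; returns the node list of one shortest src->dst path, or None."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nbr in graph[node]:
            if nbr not in prev:
                prev[nbr] = node
                queue.append(nbr)
    return None

def prune_dormant(graph, active_sources, victim):
    """Keep only nodes lying on some active-source -> victim path.

    Nodes that never see attack or background traffic are dormant and are
    removed, along with the edges that led to them (assumed rule: one
    shortest path per source).
    """
    keep = set()
    for src in active_sources:
        path = shortest_path(graph, src, victim)
        if path is None:
            raise ValueError(f"{src} cannot reach {victim}")
        keep.update(path)
    return {n: [m for m in nbrs if m in keep]
            for n, nbrs in graph.items() if n in keep}
```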

Xiaowei Yang UCI

Overview of the Traffic Validation Architecture
1. Source requests permission to send.
2. Destination authorizes source for limited transfer, e.g., 32KB in 10 secs. A capability is the proof of a destination's authorization.
3. Source places capabilities on packets and sends them.
4. Network filters packets based on capabilities.
[Figure: capability ("cap") carried on the packet]
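An added, deliberately simplified model of the four steps above (not TVA's own code): the destination grants a capability for 32KB within 10 seconds, the source stamps each packet with it, and a filtering element forwards a packet only if the capability is genuine, unexpired, bound to that source/destination pair and still within its byte budget. Assumed for the demo: a single filtering element holding a secret key and a per-capability byte counter; real TVA capabilities are stamps contributed by routers along the path.

```python
import hashlib, hmac

# Constructed model of the slide's four TVA steps. Assumption: one filtering
# element holds SECRET and counts bytes per capability tag.
SECRET = b"constructed-demo-key"
LIMIT_BYTES, LIMIT_SECS = 32 * 1024, 10          # "32KB in 10 secs"

def _tag(src, dst, nbytes, expiry):
    msg = f"{src}|{dst}|{nbytes}|{expiry}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]

def issue_capability(src, dst, now, nbytes=LIMIT_BYTES, secs=LIMIT_SECS):
    """Step 2: destination authorizes src for nbytes within secs seconds."""
    expiry = now + secs
    return {"src": src, "dst": dst, "bytes": nbytes, "expiry": expiry,
            "tag": _tag(src, dst, nbytes, expiry)}

class CapabilityFilter:
    """Step 4: forward only packets with a genuine, unexpired, in-budget capability."""
    def __init__(self):
        self.used = {}                               # tag -> bytes forwarded so far

    def forward(self, pkt, now):
        cap = pkt.get("cap")
        if cap is None:
            return False                             # no capability: dropped in this model
        genuine = _tag(cap["src"], cap["dst"], cap["bytes"], cap["expiry"])
        if not hmac.compare_digest(genuine, cap["tag"]):
            return False                             # forged or altered capability
        if (pkt["src"], pkt["dst"]) != (cap["src"], cap["dst"]) or now > cap["expiry"]:
            return False                             # wrong flow, or authorization expired
        spent = self.used.get(cap["tag"], 0)
        if spent + pkt["len"] > cap["bytes"]:
            return False                             # byte budget exhausted
        self.used[cap["tag"]] = spent + pkt["len"]
        return True

def run_transfer(total_bytes, pkt_len, now=0.0):
    """Steps 1-3 for one source; returns (forwarded, dropped) packet counts."""
    cap = issue_capability("10.0.0.1", "10.0.0.2", now)   # step 1 request, step 2 grant
    net = CapabilityFilter()
    forwarded = dropped = 0
    for i in range(total_bytes // pkt_len):              # step 3: stamp and send
        pkt = {"src": "10.0.0.1", "dst": "10.0.0.2", "len": pkt_len, "cap": cap}
        if net.forward(pkt, now + i * 0.01):
            forwarded += 1
        else:
            dropped += 1
    return forwarded, dropped
```

A 48KB transfer against a 32KB capability therefore gets 32 packets through and 16 dropped; the filter also rejects forged tags, expired capabilities and packets from a different source than the one authorized.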

Deter Test Plan
- Implement TVA on the click router platform
- Router implemented as a collection of elements
- Test on Deter
[Figure: TVA router graph]

Tool Internals