Fighting the DDoS Menace!

Recent High Profile DDoS Attacks
● Protx (online payments processing firm): October 31st
● WeaKnees.com, RapidSatellite.com (e-commerce): October 6th
● WorldPay (section of Royal Bank of Scotland): October 4th
● Authorize.net (US credit card processing firm): September 23rd

Fighting the Good Fight
● Aggregate-based congestion control (ACC)
– identify a pattern of packets
– apply a rate-limiter to the pattern(s)
● Local ACC versus Global ACC
– allow a router to request adjacent upstream routers to rate-limit traffic corresponding to a specific aggregate.
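The two local ACC steps above (identify the pattern, then rate-limit it), as an added example that is not part of the original slides or of the ACC authors' code. All function names are hypothetical, and the /24 destination-prefix clustering, the 50% drop-share threshold and the token-bucket limiter are assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

def identify_aggregate(dropped_dsts, prefix_len=24, share=0.5):
    """Return the destination prefix responsible for more than `share`
    of recently dropped packets, or None if no prefix dominates."""
    if not dropped_dsts:
        return None
    counts = Counter(ipaddress.ip_network(f"{d}/{prefix_len}", strict=False)
                     for d in dropped_dsts)
    prefix, n = counts.most_common(1)[0]
    return prefix if n / len(dropped_dsts) > share else None

class TokenBucket:
    """Rate limiter; time is in integer milliseconds to keep the math exact."""
    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8000.0      # bytes per millisecond
        self.burst = self.tokens = burst_bytes
        self.last = 0

    def allow(self, now_ms, size):
        self.tokens = min(self.burst, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

def local_acc(packets, dropped_dsts, limit_bps, burst_bytes=3000):
    """Rate-limit only the identified aggregate; other traffic is untouched.
    packets: time-ordered (time_ms, dst, size_bytes). Returns (forwarded, aggregate)."""
    agg = identify_aggregate(dropped_dsts)
    bucket = TokenBucket(limit_bps, burst_bytes)
    forwarded = []
    for t, dst, size in packets:
        in_agg = agg is not None and ipaddress.ip_address(dst) in agg
        if in_agg and not bucket.allow(t, size):
            continue                        # dropped by the aggregate's rate limiter
        forwarded.append((t, dst, size))
    return forwarded, agg

def constructed_trace():
    """Constructed sample: 1 s of traffic, 8 Mbit/s to 192.0.2.10 and
    0.8 Mbit/s to 198.51.100.7, plus a drop history dominated by 192.0.2.0/24."""
    flood = [(t, "192.0.2.10", 1000) for t in range(1000)]
    other = [(t, "198.51.100.7", 1000) for t in range(0, 1000, 10)]
    drops = ["192.0.2.10"] * 90 + ["198.51.100.7"] * 10
    return sorted(flood + other), drops

if __name__ == "__main__":
    fwd, agg = local_acc(*constructed_trace(), limit_bps=1_000_000)
    print(agg, sum(1 for _, d, _ in fwd if d == "192.0.2.10"), "of 1000 forwarded")
```

The limiter acts on the whole aggregate, so legitimate traffic to the same prefix shares the reduced rate with the flood; traffic outside the aggregate passes unchanged.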

An Illustrated Example
“Controlling High Bandwidth Aggregates in the Network” (Mahajan et al., 2001)

ACC Works???

The Scalable Simulation Framework
● focus on scalability
– model scalability: # of nodes, traffic flows, bandwidth, system heterogeneity
● contains a DDoS scenario
● much faster learning curve than NS tools (no tcl/tk)

What's the catch?
● Well, it turns out the DDoS scenario models a TCP SYN flooding denial of service attack.
● This DDoS attacks the TCP/IP stack of the target servers. It is not bandwidth limited! So congestion control is not the appropriate response.
● Quickly, we must model a bandwidth-limited DDoS attack...

Network Topology

Client Topology

Server Topology

DDoS Topology

But What Does It Do?
● 164 iterations, no DDoS enabled:
– mean connections, std. dev
● 68 iterations, DDoS enabled:
– mean connections, std. dev
● 59 iterations, DDoS enabled & local ACC:
– mean connections, std. dev

TODO LIST
● Improve the effectiveness of the DDoS attack
● Use identical random number seeds across all three trials. This will show the strict ordering DDoS < DDoS + local ACC ≤ no DDoS