Efficient AS DoS Traceback (Autonomous System) Mohammed Alenezi, Martin J Reed Computer Applications Technology (ICCAT), 2013 張業正 102062638 1.

Outline
Background
Traceback (Related work)
DPM, PPM, DPPM
EAST
Performance
Conclusion

Background
The DoS problem has been divided into three parts:
1. Prevention
2. Detection
3. Mitigation
Traceback falls under mitigation.

Traceback (Related work)
Many techniques have been proposed for traceback:
1. Link testing
2. ICMP (1/20,000)
3. Logging
4. Packet marking
   Deterministic Packet Marking (DPM)
   Probabilistic Packet Marking (PPM)
   Dynamic Probabilistic Packet Marking (DPPM)
Storage

Deterministic Packet Marking (DPM)
DPM marks every packet at the edge router. It uses 16 bits of the IP header and a 1-bit flag.

Probabilistic Packet Marking (PPM)
Marking probability: p = 1/25
IP header: 16 bits => 8 bits IP address, 8 bits distance
Routers: 64 bits are fragmented into 8 x 8 bits, and the victim combines them.
DPM vs PPM

Dynamic Probabilistic Packet Marking (DPPM)
Marking probability: p = 1/d, where d is the traveling distance (derived from the packet's TTL).
The number of packets needed to reconstruct the path is reduced.
DPPM vs PPM

TTL drawbacks
1. The initial TTL value is system dependent and changes with the system used.
2. An attacker can intentionally inject packets with different TTL values to confuse the technique.
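Added example (not from the slides or the paper): an exact model of overwrite-style marking that compares the chance the victim receives each router's mark under PPM (p = 1/25) and DPPM (p = 1/d), and the expected number of packets needed to see every router once. The path length D, the `ttl_offset` parameter (a router's wrong guess of the initial TTL, drawback 1) and the one-mark-per-router simplification (no fragment reassembly) are assumptions of this sketch.

```python
from fractions import Fraction
from itertools import combinations


def ppm_delivery(D, p=Fraction(1, 25)):
    """P(victim receives router i's mark), i = 1 (nearest source) .. D.
    Every router marks with the same fixed p and overwrites earlier marks."""
    return [p * (1 - p) ** (D - i) for i in range(1, D + 1)]


def dppm_delivery(D, ttl_offset=0):
    """Same for DPPM: the router at hop i marks with 1/d, d = i + ttl_offset.
    ttl_offset > 0 models a router overestimating the distance because the
    sender's initial TTL differs from the assumed one (assumption here)."""
    probs = []
    for i in range(1, D + 1):
        q = Fraction(1, i + ttl_offset)           # router i writes its mark
        for j in range(i + 1, D + 1):             # later routers leave it alone
            q *= 1 - Fraction(1, j + ttl_offset)
        probs.append(q)
    return probs


def expected_packets(probs):
    """Exact expected number of packets until every router's mark has been
    seen at least once (coupon collector, inclusion-exclusion over subsets)."""
    total = Fraction(0)
    for size in range(1, len(probs) + 1):
        sign = 1 if size % 2 else -1
        for subset in combinations(probs, size):
            total += sign / sum(subset)
    return total


if __name__ == "__main__":
    D = 10  # constructed path length, not a value from the slides
    cases = [
        ("PPM  p=1/25", ppm_delivery(D)),
        ("DPPM p=1/d", dppm_delivery(D)),
        ("DPPM offset=5", dppm_delivery(D, ttl_offset=5)),
    ]
    for name, probs in cases:
        print(f"{name:14s} farthest router: {float(probs[0]):.4f}  "
              f"expected packets: {float(expected_packets(probs)):.1f}")
```

With p = 1/d every router's mark reaches the victim with the same probability 1/D, while under fixed-p PPM the router nearest the source is the least likely to be seen. An overestimated distance keeps DPPM uniform but lowers every router's chance to 1/(D + offset), so more packets are needed.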

EFFICIENT AS TRACEBACK (EAST)
AS (Autonomous System), ASBR, BGP
Aims:
1. Solve the TTL drawbacks.
2. Reduce the number of packets required for the traceback (reducing storage at the victim).

EAST
The 25 bits come from three different fields, namely type of service (TOS), identification (ID), and reservation flag (RF).

EAST
Marking probability: p = 1/(a-2), where a is the number of ASs from the attacker to the AS of the victim.
EAST performs traceback at the AS level, so a can be known in advance. => Solves the TTL problem.
32-bit hash to 22 bits

EAST algorithm

Performance and Analysis

Conclusion
There are many ways to do DoS traceback.
EAST may be better than PPM and DPPM.
