SOS: An Architecture For Mitigating DDoS Attacks Authors: Angelos D. Keromytis, Vishal Misra, Dan Rubenstein. Published: ACM SIGCOMM 2002 Presenter: Jerome.

Presentation transcript:

SOS: An Architecture For Mitigating DDoS Attacks Authors: Angelos D. Keromytis, Vishal Misra, Dan Rubenstein. Published: ACM SIGCOMM 2002 Presenter: Jerome Harrington

Overview
- The main purpose of the paper is to propose a system which can be used to thwart Distributed Denial-of-Service attacks in a proactive manner

What’s a DDoS?
- Focuses on a specific target or targets
- Floods targets with bogus traffic from many hosts, which are likely to be compromised nodes
- Is generally quite difficult to defend against

Why so hard to defend?
- A large number of zombie nodes can exhaust resources in a very short amount of time, making quick detection difficult
- Source IP addresses on attack packets are often spoofed, making it impractical or impossible to block traffic from the source
- Backtracing to the origin of the attack requires cooperation from many ISPs and is too time-consuming to be effective

What’s the basis for SOS?
- Be proactive, rather than reactive
- Use a distributed, self-healing system to limit the effects of DDoS attacks against the system itself
- Eliminate communication “pinch-points” because they are attractive DDoS targets

SOS High Level Architecture
- Somewhat similar to Tor
- [Figure: Top-Level Schematic]

SOS Architecture Components
- Secure Overlay Access Points (SOAPs)
- Beacons
- Secret Servlets
- Any physical system can contain any combination of these components

SOS Architecture Process
- A SOAP receives traffic from an external source and verifies the traffic as legitimate using an arbitrary means of verification
- The SOAP routes traffic to an easily reachable beacon within the SOS
- The beacon then forwards the packet to a secret servlet node whose identity is known to only a few members of SOS
- The secret servlet forwards the packet to the target

SOS Architecture Process
- A filter is placed around the target that only allows traffic from a specific set of secret servlets
- Ideally, the filter should be at the network edge, where core routers can handle massive amounts of traffic easily
- The needed filtering rules are minimal and therefore not resource-intensive

Routing through SOS
- The system uses a hash-based routing method to provide information on the next hop within the overlay, so that traffic is routed to the appropriate beacon and associated secret servlet(s)
- The authors used Chord (from a 2001 ACM SIGCOMM paper) in their implementation
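The SOAP, beacon, secret servlet and target path from the process slides, combined with hash-based beacon selection, as an added sketch that is not code from the slides or the paper. It assumes the beacon is the live ring successor of the hashed target address and uses a global view of the ring instead of Chord's finger tables; node names and the target address are constructed.

```python
import hashlib
from bisect import bisect_left

def ring_id(key: str) -> int:
    """Hash a node name or target address onto a 32-bit identifier ring."""
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big")

class Overlay:
    def __init__(self, nodes, target, servlets):
        self.ring = sorted((ring_id(n), n) for n in nodes)
        self.target = target
        self.servlets = set(servlets)   # secret: known to the target's filter and beacons
        self.down = set()               # nodes currently knocked out by an attack

    def beacon_for(self, key):
        """First live node at or after hash(key) on the ring (Chord-style successor)."""
        ids = [i for i, _ in self.ring]
        start = bisect_left(ids, ring_id(key))
        for step in range(len(self.ring)):
            name = self.ring[(start + step) % len(self.ring)][1]
            if name not in self.down:
                return name
        return None

    def target_filter(self, sender):
        """Edge filter around the target: admit only the secret servlets."""
        return sender in self.servlets

    def deliver(self, soap, verified):
        """Return the hop list of an admitted packet, or None if it is dropped."""
        if not verified or soap in self.down:
            return None                 # the SOAP rejects unverified traffic
        beacon = self.beacon_for(self.target)
        servlet = next((s for s in sorted(self.servlets) if s not in self.down), None)
        if beacon is None or servlet is None or not self.target_filter(servlet):
            return None
        return [soap, beacon, servlet, self.target]

# Constructed sample overlay: eight nodes and a documentation-range target address.
NODES = [f"node{i}" for i in range(8)]
net = Overlay(NODES, target="192.0.2.10", servlets={"node2", "node5"})

if __name__ == "__main__":
    beacon = net.beacon_for(net.target)
    soap = next(n for n in NODES if n != beacon)   # any SOAP other than the beacon
    print("normal path:", net.deliver(soap, verified=True))
    print("direct sender admitted by filter:", net.target_filter("attacker-host"))
    net.down.add(beacon)                           # the beacon is taken offline
    print("path after the beacon fails:", net.deliver(soap, verified=True))
```

Marking the beacon as down moves the lookup to the next live node on the ring, which is the self-healing behaviour the slides describe; marking every secret servlet as down is the only way this sketch loses the target.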

Experimental Results
- Amazingly effective in experimentation!
- Attacks that target approximately 50% of the nodes in the overlay have about a 1 in 1000 chance of causing an actual Denial-of-Service
- Even better as the overlay scales

Performance Issues
- The base system takes a considerable performance hit as the system scales up
- A modified system was implemented such that SOAPs do a lookup through the beacon for the address of the secret servlet, cache its location and forward traffic directly to the secret servlet
- This leads to a latency hit of around a factor of 2
- If a node is actually downed, the system can heal itself within 10 seconds

Contributions & Strengths
- An intriguing and effective proactive means of defense against DDoS attacks
- Built on lots of previous work, avoiding “reinventing the wheel”
- Written plainly and succinctly; an easy read

Weaknesses
- Testing was done in a clean-room environment; it would be interesting to see this in the wild
- Tradeoff in performance versus security regarding caching the location of secret servlets at the SOAP layer