Published by Iliana Gosse. Modified over 10 years ago.
1
October 31st, 2003, ACM SSRS'03
Tolerating Denial-of-Service Attacks Using Overlay Networks – Impact of Topology
Ju Wang (1), Linyuan Lu (2) and Andrew A. Chien (1)
(1) CSE Department, UCSD
(2) Math Department, UCSD
2
Outline
- Background
- System Model
- Analytical Results
- Summary & Future Work
3
Motivation
- DoS attacks compromise important websites
  - “Code Red” worm attack on Whitehouse website
  - Yahoo, Amazon, eBay
- DoS is a critical security problem
  - Global corporations lost over $1.39 trillion (2000)
  - 60% due to viruses and DoS attacks
  - FBI reports DoS attacks are on the rise
- => DoS an important problem
4
Denial-of-Service Attacks
- Attackers prevent legitimate users from receiving service
  - Application level (large workload)
  - Infrastructure level
[Figure labels: Internet; Application Service; Service Infrastructure; Legitimate User]
5
Denial-of-Service Attacks
- Attackers prevent legitimate users from receiving service
  - Application level
  - Infrastructure level (traffic flood) – require IP addr
[Figure labels: Internet; Application Service; Service Infrastructure; Legitimate User]
6
Use Overlay Network to Resist Infrastructure DoS Attack
- Applications hide behind proxy network (location-hiding) [this talk]
- Proxy network DoS-resilient – shielding applications
  - Need to tolerate massive proxy failures due to DoS attacks
  - Addressed in on-going research
[Figure labels: Internet; Legitimate User; 132.233.202.13; Overlay Network; App; attackers; where ?]
7
Proxy Network Topology & Location Hiding
- Proxy node: software component run on a host
- Proxy nodes adjacent iff IP addresses are mutually known
  - Compromising one reveals IP addresses of adjacent nodes
- Topology = structure of node adjacency
  - how hard to penetrate, effectiveness of location-hiding
[Figure labels: Overlay Network; A; B; Adjacent]
8
Problem Statement
- Focus on location-hiding problem
- Impact of topology on location-hiding
  - Good or robust topologies: hard to penetrate and defenders can easily defeat attackers
  - Bad or vulnerable topologies: attackers can quickly propagate and remain inside the proxy network
[Figure labels: Robust (favorable); Vulnerable (unfavorable) topologies]
9
Attack: Compromise and Expose
- Attackers: steal location information using host compromise attacks
- A proxy node is:
  - Compromised: attackers can see all its neighbors’ IP addresses
  - Exposed: IP addresses known to attackers
  - Intact: otherwise
[Figure labels: Overlay Network; intact; exposed; compromised; Compromised!!]
10
Defense: Recover and Reconfigure
- Resource Recovery: compromised → exposed/intact
  - Proactive (periodic clean system reload)
  - Reactive (IDS triggered system cleaning)
- Proxy network reconfiguration: exposed/compromised → intact
  - Proxy migration – move proxy to a different host
[Figure labels: Overlay Network; intact; exposed; compromised; Recovered!]
11
Defense: Recover and Reconfigure
- Resource Recovery: compromised → exposed/intact
  - Proactive (periodic clean system reload)
  - Reactive (IDS triggered system cleaning)
- Proxy network reconfiguration: exposed/compromised → intact
  - Proxy migration – move proxy to a different host
[Figure labels: Overlay Network; intact; exposed; compromised; Move to new location!]
12
Defense: Recover and Reconfigure
- Resource recovery + Proxy network reconfiguration
  - Exposed → Intact (at certain probability )
  - Compromised → Intact (at certain probability )
[Figure labels: Overlay Network; intact; exposed; compromised; Move to new location!]
13
Analytical Model
- Model M(G, , , )
  - G: topology graph of the proxy network
  - : speed of attack (at prob , exp → com)
  - : speed of defense (at prob , com → intact)
  - : speed of defense (at prob , exp → intact)
- Nodes adjacent to a compromised node are exposed
[Figure labels: intact; exposed; compromised]
14
Theorem I (Robust Topologies)
- Average degree 1 of G is smaller than the ratio of speed between defenders and attackers: ( + )/ > 1
- Even if many nodes are initially compromised, attackers’ impact can be quickly removed in O(logN) steps
  - Defenders are quick enough to suppress attackers’ propagation
- Low average degrees are favorable
[Figure labels: bad; good]
15
Theorem II (Vulnerable Topologies)
- Neighborhood expansion property of G is larger than the ratio of speed between defenders and attackers: > /
- Even if only one node is initially exposed, attackers’ impact quickly propagates and will linger forever
- Applies to all sub-graphs
- Large clusters (tightly connected sub-graphs) are unfavorable
  - hard to beat attackers inside the cluster
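The contrast between the two theorems can be seen in a small simulation of the intact/exposed/compromised model. This is an added example, not code from the talk: the names p_attack, p_recover and p_reconfig stand in for the model's speed symbols (lost from this transcript), the synchronous per-step update order is an assumption, and the ring and clique are constructed topologies chosen as a low-degree graph and a single large cluster.

```python
import random

# Added example: parameter names and update order are assumptions.
INTACT, EXPOSED, COMPROMISED = "intact", "exposed", "compromised"

def ring(n):
    """Low-degree topology: every proxy knows only its two ring neighbours."""
    return {v: {(v - 1) % n, (v + 1) % n} for v in range(n)}

def clique(n):
    """One large tightly connected cluster: every proxy knows every other."""
    return {v: set(range(n)) - {v} for v in range(n)}

def expose_neighbours(adj, state):
    """Slide rule: nodes adjacent to a compromised node are exposed."""
    for v, s in list(state.items()):
        if s == COMPROMISED:
            for u in adj[v]:
                if state[u] == INTACT:
                    state[u] = EXPOSED

def simulate(adj, compromised, p_attack, p_recover, p_reconfig,
             max_steps=300, seed=1):
    """Return the step at which no node is exposed or compromised,
    or None if the attackers are still inside after max_steps."""
    rng = random.Random(seed)
    state = {v: INTACT for v in adj}
    for v in compromised:
        state[v] = COMPROMISED
    expose_neighbours(adj, state)
    for step in range(1, max_steps + 1):
        nxt = dict(state)
        for v, s in state.items():
            if s == COMPROMISED and rng.random() < p_recover:
                nxt[v] = INTACT                  # resource recovery
            elif s == EXPOSED:
                if rng.random() < p_reconfig:
                    nxt[v] = INTACT              # proxy migration
                elif rng.random() < p_attack:
                    nxt[v] = COMPROMISED         # host compromise
        state = nxt
        expose_neighbours(adj, state)
        if all(s == INTACT for s in state.values()):
            return step
    return None

if __name__ == "__main__":
    n, rates = 128, dict(p_attack=0.1, p_recover=0.5, p_reconfig=0.5)
    print("ring  :", simulate(ring(n), range(0, n, 2), **rates))
    print("clique:", simulate(clique(n), [0], **rates))
```

With the same rates, the ring is cleaned even when half its nodes start compromised, while a single compromised node in the clique keeps the whole cluster exposed for the full run.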
16
Case Study: existing overlays
- K-D CAN: k-dimensional Cartesian space torus
- RR-k: random regular graph, degree = k
- N-Chord: N node Chord
17
Related Work
- Secure Overlay Services (SOS) [Keromytis02]
  - Use Chord to provide anonymity to hide location of secret “servlets”
- Internet Indirection Infrastructure (i3) [Stoica02]
  - Uses Chord for location-hiding
- Didn’t analyze how secure their location-hiding schemes are
- We showed that Chord is not a favorable topology
- Our previous work [Wang03]
  - Studied feasibility of location-hiding using proxy networks
  - Assumed favorable topology; focused on impact of defensive mechanisms, such as resource recovery and proxy reconfiguration
  - This work focuses on impact of topology
18
Summary & Future Work
- Summary
  - Studied impact of topology on location-hiding and presented two theorems to characterize robust and vulnerable topologies
  - Derived design principles on proxy networks for location-hiding
  - Found popular overlays (such as Chord) not favorable
- Future Work
  - Impact of correlated host vulnerabilities ( , and non-constant)
  - Design proxy networks to tolerate massive failures due to DoS attacks
  - Performance implications and resource requirement for proxy networks
19
References
- [Wang03] J. Wang and A. A. Chien, “Using Overlay Networks to Resist Denial-of-Service Attacks”, Technical report, CSE UCSD, 2003.
- [Keromytis02] A. D. Keromytis, V. Misra, and D. Rubenstein, “SOS: Secure Overlay Services”, In ACM SIGCOMM’02, Pittsburgh, PA, 2002.
- [Stoica02] I. Stoica, D. Adkins, S. Zhuang, S. Shenker, and S. Surana, “Internet Indirection Infrastructure”, In SIGCOMM, Pittsburgh, Pennsylvania USA, 2002.