
Quantitative Characterization of Denial of Service Attacks: A Case Study of Location Services
Adam Bargteil, David Bindel, Yan Chen


1 Quantitative Characterization of Denial of Service Attacks: A Case Study of Location Services
Adam Bargteil, David Bindel, Yan Chen

2 Motivation & Related Work
DoS attacks are increasing in frequency and severity
  – Increased 50% per year 1989-1995 (J.D. Howard, PhD thesis)
  – Yahoo, Amazon, eBay, gateway.eecs.berkeley.edu (12/08)
DoS attacks reduce resource availability
  – A spectrum metric rather than a binary metric
Related prior work
  – Formal resource allocation models
    J. Millen, "A Resource Allocation Model for DoS"
    C. Meadows, "A Formal Framework and Evaluation Method for Network Denial of Service"
  – Microbenchmarks demonstrate particular attacks and counters
    C. Schuba, I. Krsul, M. Kuhn et al., "Analysis of a DoS Attack on TCP"
    O. Spatscheck and L. Peterson, "Defending against DoS Attacks in Scout"
  – Measurements of availability under benign faults
    A. Brown and D. Patterson, "Towards Availability Benchmarks: A Case Study of Software RAID Systems"

3 Measuring DoS of Directory Services
Directory services are crucial to distributed computing
  – Data location, DNS, LDAP, CORBA, etc.
  – Centralized directory servers are vulnerable to DoS attack
  – Replicated directory servers suffer consistency overhead with limited resistance to DoS attack
  – Distributed directory services remove the single point of failure
    Randomized algorithm by Plaxton et al., and its extension, Tapestry
Measurement framework
  – No real-world testbed environment, so an ns-based simulator is used
  – Realistic continuous workload generation with attacks injected
  – Metrics: throughput, request response latency

4 Plaxton Location Service
Each node and object is assigned a pseudorandom label
Each object has an associated embedded tree
  – Root node label matches the object ID in the most rightmost bits
    Ties are broken by a complete ordering over the nodes
  – Nodes j levels above the leaves agree with the root label in >= j bits
  – Parent of a node is the nearest node which matches the root label in the correct number of rightmost bits
  – Other close nodes with matching bits are secondary neighbors
Figure: tree rooted at 111 over the node labels 111, 100, 011, 101, 000, 001

5 Simulation Setup
Topology generated with GT-ITM
  – Transit-stub model, 100 nodes, 1 transit domain, 8 subnets
  – Extended with realistic Internet bandwidth
    J. Jannotti et al., "Overcast: Reliable Multicasting with an Overlay Network"
Synthetic hot-cold pattern workload
  – 60 objects; the hot 15% receive 90% of requests; object size 5kB~50kB
  – Each object has 3 replicas on 3 random nodes
One directory server on a random non-transit node
Plaxton node labels and object IDs are hashes of names
Node-to-node cost metric used in setting up the Plaxton data structures was hop-by-hop latency
Plaxton neighbor tables are pre-computed

6 Simulated Attacks
Flooding attacks
  – Three different rates from 1 or 4 attackers
  – Attackers local or remote with respect to the victim node
  – Victim is the directory server or the root node for a hot object
False advertising of object replicas
  – Can attract more traffic to a particular replica
    Or to a non-existent replica!
Corruption of Plaxton neighbor tables
  – A single node thinks it is the root for everything
Corruption of the underlying network distance function
  – Neighbor tables initialized based on a network with a cross-link not present in the real network

7 Dynamics of flooding the directory server – remote attacker(s)

8 Dynamics of flooding the directory server – remote attacker(s)

9 Remote Attackers Simulation

10 (no text on this slide)

11 Plaxton Location
Corrupting a node's neighbor tables does not completely destroy lookup, even in the worst case.
Unless the corrupt node is close to the root for an object, the corruption will have almost no impact.
Load of responding to lookup requests is spread out
Figure: yellow nodes are unable to retrieve the object due to corruption of the green node
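As an added example (not part of the slides or the authors' simulator), the following Python builds the embedded tree described on slide 4 for the six 3-bit labels in its figure and, for slide 11, computes which nodes one corrupted node cuts off from the root. The node coordinates, the Manhattan distance and the smallest-label tie-break are constructed assumptions standing in for the hop-by-hop latency metric and the unspecified complete ordering.

```python
BITS = 3

# Constructed node positions: a stand-in for the hop-by-hop latency metric.
NODES = {0b111: (0, 0), 0b011: (4, 0), 0b101: (0, 3),
         0b001: (5, 3), 0b100: (1, 5), 0b000: (6, 2)}

def suffix_match(a, b, bits=BITS):
    """Number of rightmost bits in which labels a and b agree."""
    n = 0
    while n < bits and (a >> n) & 1 == (b >> n) & 1:
        n += 1
    return n

def distance(u, v):
    # Manhattan distance over the constructed positions (assumption).
    (x1, y1), (x2, y2) = NODES[u], NODES[v]
    return abs(x1 - x2) + abs(y1 - y2)

def find_root(object_id):
    """Node matching the object ID in the most rightmost bits; ties are
    broken by a complete ordering over nodes (here: smallest label)."""
    return max(NODES, key=lambda n: (suffix_match(n, object_id), -n))

def build_tree(object_id):
    """Embedded tree for one object: each node's parent is the nearest node
    that agrees with the root label in more rightmost bits than it does."""
    root = find_root(object_id)
    parent = {}
    for n in NODES:
        level = suffix_match(n, root)
        cands = [m for m in NODES if suffix_match(m, root) > level]
        if cands:  # the root itself has no parent
            parent[n] = min(cands, key=lambda m: (distance(n, m), m))
    return root, parent

def lookup_path(object_id, start):
    """Nodes visited when `start` looks up the object: follow parents to the root."""
    root, parent = build_tree(object_id)
    path = [start]
    while path[-1] != root:
        path.append(parent[path[-1]])
    return path

def affected_by(object_id, corrupt):
    """Nodes whose lookup routes through `corrupt`, i.e. its subtree: the
    blast radius of one corrupted neighbor table (slide 11's yellow nodes)."""
    return {n for n in NODES if n != corrupt
            and corrupt in lookup_path(object_id, n)}
```

For object ID 111, corrupting node 011 strands only 001 and 000, while corrupting a leaf-level node strands nobody, which is the locality of damage slide 11 claims.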

12 Effect of Forged Cost Function during Initialization
Figure: two maps, "Correct topology" and "With forged edge". Nodes are colored to indicate which of three replicas satisfy their request.
Legend: node colors Blue, Red, Black correspond to replica colors Green, Orange, Yellow

13 Conclusions
  – Set up a simple benchmark for a set of DoS attacks
  – Applied the framework to study the effect of specific attacks
    Showed resistance of the Plaxton data structure to floods
    Showed susceptibility to Plaxton-specific attacks
Future work
  – Apply this methodology to the study of other DoS attacks
  – Simulate larger networks for more realistic evaluation
  – Investigate additional attacks on Tapestry
    During dynamic insertion of nodes
    During replica deletion
    During use as a routing infrastructure
  – Model possible countermeasures to the proposed attacks

14 Dynamics of flooding the directory server – remote attacker(s)

15 Dynamics of flooding the directory server – remote attacker(s)

16 Plaxton – Access with Locality
Figure: nodes are colored to indicate which of three replicas satisfy their request.
Legend: node colors Blue, Red, Black correspond to replica colors Green, Orange, Yellow

17 Plaxton Location
Load of responding to lookup requests is somewhat spread out
But the majority of lookups often reference a single replica

