10/21/2003 - Framework For Classifying Denial of Service Attacks. Alefiya Hussain, John Heidemann, Christos Papadopoulos. Kavita Chada & Viji Avali, CSCE 790.


2 Introduction
What is a Denial-of-Service (DoS) attack? An adversary A can send a huge number of messages to y in order to block a message m, sent by x, from arriving at y.
(Diagram: x sends m toward y while A floods y.)

3 Introduction
A DoS attack can be:
– Single-source attack: only one host
– Multi-source attack (DDoS): multiple hosts
Launching an attack is trivial, but detection and response are not.

4 Previous techniques used
– Anomaly detection: detects ongoing attacks by the significant, disproportional difference between packet rates going from and to the victim or attacker.
– Traceback techniques: assist in tracking down attackers post-mortem.
– Signature-scan techniques: try to detect attackers by monitoring network links over which the attackers' traffic transits.
– Backscatter technique: allows detection of attacks that uniformly spoof source addresses across the complete IP address space.

5 Attack taxonomy
Software exploits
Flooding attacks
– Single-source attacks
– Multi-source attacks
– Reflector attacks

6-8 Attack Taxonomy (diagram slides, no transcript text)

9 Attack classification
– Header content
– Transient ramp-up behavior
– Spectral characteristics

10 Attack classification: Header content
– Using the ID field: many operating systems sequentially increment the IP ID field for each successive packet.
– Using the TTL value: the TTL value remains constant for the same source-destination pair.

11 Attack Classification Using Header Contents
Pseudo code to identify the number of attackers based on header content:
– Let P = { attack packets }, Pi ⊂ P, P =
– If ∀ p ∈ P the ID value increases monotonically and the TTL value remains constant,
  then Single-source
– elseif ∀ p ∈ Pi the ID value increases monotonically and the TTL value remains constant,
  then Multi-source with n attackers
– else Unclassified
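As an added example, not taken from the slides or from the paper, the header-content rule above implemented in Python. The greedy per-source partition (each packet joins the stream with the same TTL whose last ID is the largest one still below its own) and the sample packet sequences are my own constructions; the paper's text does not specify how Pi is formed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ip_id: int  # IP header identification field (wrap-around at 65535 ignored here)
    ttl: int    # time-to-live as observed at the monitoring point


def monotonic_constant_ttl(packets):
    """True if IDs strictly increase and the TTL is constant over the whole sequence."""
    ids_increase = all(a.ip_id < b.ip_id for a, b in zip(packets, packets[1:]))
    return ids_increase and len({p.ttl for p in packets}) <= 1


def partition_streams(packets):
    """Greedy split of the packet sequence into candidate per-source streams (assumed
    heuristic). A packet joins the stream with the same TTL and the largest last ID
    below its own; if no stream fits, it opens a new one."""
    streams = []
    for p in packets:
        fits = [s for s in streams if s[-1].ttl == p.ttl and s[-1].ip_id < p.ip_id]
        if fits:
            max(fits, key=lambda s: s[-1].ip_id).append(p)
        else:
            streams.append([p])
    return streams


def classify(packets, max_sources=64):
    """Return (label, estimated number of sources) following the slide's pseudo code."""
    if not packets:
        return "unclassified", 0
    if monotonic_constant_ttl(packets):
        return "single-source", 1
    streams = partition_streams(packets)
    # A small number of well-formed streams means n attackers; if most packets end up
    # alone in a stream (randomised ID/TTL), the header rule cannot decide.
    if 1 < len(streams) <= max_sources and all(len(s) > 1 for s in streams):
        return "multi-source", len(streams)
    return "unclassified", len(streams)


# Constructed sample traces, not real captures.
SINGLE_SOURCE = [Packet(100 + i, 57) for i in range(4)]
MULTI_SOURCE = [Packet(100, 57), Packet(5000, 112), Packet(101, 57),
                Packet(5001, 112), Packet(102, 57), Packet(5002, 112)]
RANDOMISED = [Packet(4, 57), Packet(900, 12), Packet(3, 200),
              Packet(77, 57), Packet(2, 12), Packet(1, 200)]

if __name__ == "__main__":
    for name, trace in [("single", SINGLE_SOURCE), ("multi", MULTI_SOURCE), ("random", RANDOMISED)]:
        print(name, classify(trace))
```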

12 Attack Classification Using Ramp-up Behavior
– Single-source attacks do not exhibit ramp-up behavior.
– Multi-source attacks do exhibit ramp-up.
– Ramp-up alone cannot robustly identify single-source attacks.

13 Attack Classification (figure slide, no transcript text)

14 Attack Classification Using Spectral Analysis
– Single-source attacks have a linear cumulative spectrum, because the dominant frequencies are spread across the spectrum.
– Multi-source attacks shift the spectrum toward lower frequencies.

15-18 Attack Classification (figure slides, no transcript text)

19 Evaluation
– Attack detection
– Packet header analysis
– Arrival rate analysis
– Ramp-up behavior analysis
– Spectral content analysis

20-26 Evaluation (figure slides, no transcript text)

27 Validation
– Observations from an alternate site
– Experimental confirmation: clustered topology, distributed topology
– Understanding multi-source effects

28-29 Validation (figure slides, no transcript text)

30 Validation: Understanding Multi-Source Effects
1. Aggregation of multiple sources sending at either slightly or very different rates.
2. Bunching of traffic due to queuing behavior.
3. Aggregation of multiple sources, each at a different phase.

31-32 Validation (figure slides, no transcript text)

33 Applications
– Automating attack detection will be useful in selecting the appropriate response mechanism.
– Modeling attacks will help in attack detection and response.
– Inferring DoS activity in the Internet will be useful for approximating attack prevalence, if the size and duration of the monitored region can be increased.

34 Conclusion
This paper presented a framework to classify DoS attacks into single-source and multi-source attacks. If the spectral characteristics of the attack traffic were altered, the paper does not give a method to classify those DoS attacks as single-source or multi-source.

