Distributed Denial of Service Attack and Prevention Andrew Barkley Quoc Thong Le Gia Matt Dingfield Yashodhan Gokhale.


1 Distributed Denial of Service Attack and Prevention
Andrew Barkley, Quoc Thong Le Gia, Matt Dingfield, Yashodhan Gokhale

2 Goals
- Implement a system to demonstrate how smart packet filtering can mitigate Distributed Denial of Service (DDoS) attacks
- Monitor and control attacks centrally in a test environment

3 The System Components
- Custom routers for remotely controlled packet filtering (Linux machines)
- Distributed HTTP-based attackers
- Apache integration for detection, monitoring and router control
- Unified control and observation of experiments

4 System Architecture
- Apache server
- Tree of custom routers to choke excess traffic
- Generated HTTP traffic
- Central control

5 The Attackers
- An attacker is a daemon process sleeping on a machine until activated
- When activated, it starts a great number of connections to the web server
- Combined with other attackers, the rate of requests is higher than can be serviced

6 The Web Server
- The web server is a modified version of Apache that signals a counter process about incoming connections
- The counter process detects an attack when the rate of connections exceeds a threshold
- When an attack is detected, the neighboring routers are signaled to filter web traffic for a while, so the web server may catch up

7 The Routers
- The routers in the experiment are in a tree topology with static routes, although this is not a requirement
- Each router knows its neighboring routers
- When triggered by a detector process, the routers begin filtering the specified traffic toward that server

8 The Control Software
- Provides consolidation and visualization for all Apache and router generated data
- Control interface for attacker processes

9 The Filtering Algorithm
- Detection is removed from the router software, as monitoring all types of traffic is unrealistic
- When enabled for a certain type of traffic (HTTP in the experiment), routers will begin to count packets of that type destined for the detecting server

10 The Filtering Algorithm (2)
- A router detects traffic when its threshold is reached, then blocks it (drops the packets) for a short duration, so that the server may catch up
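The count-then-block behaviour of slides 9 and 10, as an added example that is not code from the presentation or its authors. The class and function names, the counting window, the threshold and duration values, the server address and the traffic rates are all assumptions, constructed so the run shows one leaf router choking a flood while a second leaf with only normal load forwards everything.

```python
from dataclasses import dataclass, field

@dataclass
class RouterFilter:
    threshold: int    # packets tolerated per window before blocking (fixed per router)
    window: int       # counting window in ms (assumed; the slides give no value)
    block_for: int    # blocking duration in ms (fixed per router)
    armed: set = field(default_factory=set)
    state: dict = field(default_factory=dict)  # key -> [window_start, count, blocked_until]

    def enable(self, dst, proto):
        """Detector signal: start counting this traffic type toward dst."""
        self.armed.add((dst, proto))

    def forward(self, now, dst, proto):
        """Return True to forward the packet, False to drop it."""
        key = (dst, proto)
        if key not in self.armed:
            return True                      # routers do no detection of their own
        s = self.state.setdefault(key, [now, 0, 0])
        if now < s[2]:
            return False                     # inside a blocking period
        if now - s[0] >= self.window:
            s[0], s[1] = now, 0              # start a fresh counting window
        s[1] += 1
        if s[1] > self.threshold:            # threshold exceeded: choke for a while
            s[0] = s[2] = now + self.block_for
            s[1] = 0
            return False
        return True

def simulate(duration_ms=5000):
    """Constructed load: leaf 'a' carries a flood plus normal clients, leaf 'b' normal only."""
    server = "10.0.0.80"                     # constructed address
    leaves = {n: RouterFilter(threshold=50, window=1000, block_for=2000) for n in "ab"}
    for router in leaves.values():
        router.enable(server, "http")        # signal from the server's counter process
    fwd = {("a", "flood"): 0, ("a", "normal"): 0, ("b", "normal"): 0}
    for now in range(duration_ms):
        arrivals = [("a", "flood")]          # 1000 requests/s through leaf a
        if now % 100 == 0:                   # 10 requests/s of normal clients per leaf
            arrivals += [("a", "normal"), ("b", "normal")]
        for leaf, kind in arrivals:
            fwd[leaf, kind] += leaves[leaf].forward(now, server, "http")
    return fwd

if __name__ == "__main__":
    print(simulate())
```

Normal clients behind leaf 'a' are dropped together with the flood, because the filter keys on destination and traffic type only; clients behind leaf 'b' never reach the threshold.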

11 Algorithm Limitations
- The threshold and duration for blocking in the experiment are fixed for each router, leaving much to be developed in the algorithm
- The tree topology is fixed throughout, so that only one node can be properly defended (needs a concept of relatively upstream or downstream)

12 Results
- The system effectively chokes high traffic
- Availability of the server to non-offending networks is compromised only before attack detection
- Non-offending traffic is unscathed beyond bandwidth limitations in offending networks
- The attacked server system is stable the whole time

