Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks Udi Ben-Porat Tel-Aviv University, Israel Anat Bremler-Barr IDC Herzliya,

Published byHeather Wilkinson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks Udi Ben-Porat Tel-Aviv University, Israel Anat Bremler-Barr IDC Herzliya,"— Presentation transcript:

1 1 Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks Udi Ben-Porat Tel-Aviv University, Israel Anat Bremler-Barr IDC Herzliya, Israel Hanoch Levy ETH Zurich, Switzerland

2 2 Study Objective Propose a DDoS Vulnerability performance metric  Vulnerability Measure  To be used in addition to traditional system performance metrics Understanding the vulnerability of different systems to sophisticated attacks This Talk Describe DDoS Vulnerability performance metric Demonstrate Metric impact  Hash Table: Very Common in networking  Performance (traditional) : OPEN equivalent CLOSED  Vulnerability analysis: OPEN << CLOSED!!

3 3 Distributed Denial of Service ( DDoS ) Attacker adds more regular users Loading the server - degrades the performance Server Performance Server Attacker Normal DDoS S. DDoS

4 4 Sophisticated DDoS Normal DDoS S. DDoS Server Performance Server Attacker Attacker adds sophisticated malicious users Each user creates maximal damage (per attack budget)

5 5 Sophisticated Attacks Examples  Simple example: Database server Make hard queries Goal: consume CPU time  Sophisticated attacks in the research: Reduction of Quality (RoQ) Attacks on Internet End-Systems Mina Guirguis, Azer Bestavros, Ibrahim Matta and Yuting Zhang INFOCOM 2005 Low-Rate TCP-Targeted Denial of Service Attacks A. Kuzmanovic and E.W.Knightly Sigcomm 2003 Denial of Service via Algorithmic Complexity Attacks Scott A. Crosby and Dan S. Wallach Usenix 2003

6 6 Our goal Proposing a Vulnerability measurement for all sophisticated DDoS attack  Vulnerability Measurement Understanding the vulnerability of different systems to sophisticated attacks  Later: Hash Tables and Queuing

7 7 Vulnerability Factor Definition Vulnerability= v means: Malicious user degrades the server performance v -times more than regular user Performance Degradation Scales (st = Malicious Strategy)

8 8 Vulnerability Factor Definition Performance After adding (budget =c) After adding (budget=c) Normal DDoS S. DDoS

9 9 Demonstration of Vulnerability metric: Attack on Hash Tables Central component in networks Hash table is a data structure based on Hash function and an array of buckets. Operations: Insert, Search and Delete of elements according to their keys. key Insert (element) Buckets Hash(key) User Server

10 10 Hash Tables Bucket = one element Collision-> the array is repeatedly probed until an empty bucket is found Bucket = list of elements that were hashed to that bucket Open Hash Closed Hash

11 11 Performance Factors In Attack  While attack is on: Attacker’s operations are CPU intensive  CPU loaded Post Attack:  Loaded Table  insert/delete/search op’s suffer Vulnerability: OPEN vs. CLOSED Traditional Performance: OPEN = CLOSED* What about Vulnerability? OPEN = CLOSED ? ( * when the buckets array of closed hash is twice bigger)

12 12 Attacker strategy (InsStrategy) Strategy:  Insert k elements (cost=budget=k) where all elements hash into the same bucket ( )  Theorem: InsStrategy is Optimal For both performance factors Closed Hash: Cluster Open Hash: One long list of elements Attack Results

13 13 In Attack: Resource Consumption V = Analytic results: Open Hash: Closed Hash: In every malicious insertion, the server has to traverse all previous inserted elements (+ some existing elements) Open Hash Closed Hash V =

14 14 Post Attack: Operation Complexity Open Hash Closed Hash Open Hash: Vulnerability =1 No Post Attack degradation in Open Hash (Only small chance to traverse the malicious list) Closed Hash: Big chance the operation has to traverse part of the big cluster

15 15 Post Attack: account for queuing Requests for the server are queued up Vulnerability of the (post attack) Waiting Time? Hash Table Server

16 16 Post Attack Waiting Time Open Hash: Vulnerable !! While in the model of Post Attack Operation Complexity the Open Hash is not Vulnerable ! Closed Hash: Drastically more vulnerable resulting: clusters increase the second moment of the hash operation times No longer stable for Load>48% Stability Point

17 17 Conclusions Closed Hash is much more vulnerable than the Open Hash to DDoS, even though the two systems are considered to be equivalent via traditional performance evaluation. After the attack has ended, regular users still suffer from performance degradation Application using Hash in the Internet, where there is a queue before the hash, has high vulnerability.

18 18 Related Work The alternative measure: Potency [RoQ]  Was defined only to RoQ  Only count the performance degradation of a specific attack  Vulnerability measures the system  Meaningless without additional numbers  Vulnerability is meaningful information based on this number alone Analyzing Hash: Comparing Closed to Open Hash, also analyzing the post attack performance degradation (Denial of Service via Algorithmic Complexity Attacks Scott A. Crosby and Dan S. Wallach Usenix 2003)

19 19 Questions?

Download ppt "1 Evaluating the Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks Udi Ben-Porat Tel-Aviv University, Israel Anat Bremler-Barr IDC Herzliya,"

Similar presentations

Preliminaries Advantages –Hash tables can insert(), remove(), and find() with complexity close to O(1). –Relatively easy to program Disadvantages –There.

Preliminaries Advantages –Hash tables can insert(), remove(), and find() with complexity close to O(1). –Relatively easy to program Disadvantages –There.
Lecture 6 Hashing. Motivating Example Want to store a list whose elements are integers between 1 and 5 Will define an array of size 5, and if the list.

Lecture 6 Hashing. Motivating Example Want to store a list whose elements are integers between 1 and 5 Will define an array of size 5, and if the list.
DBMS 2001Notes 4.2: Hashing1 Principles of Database Management Systems 4.2: Hashing Techniques Pekka Kilpeläinen (after Stanford CS245 slide originals.

DBMS 2001Notes 4.2: Hashing1 Principles of Database Management Systems 4.2: Hashing Techniques Pekka Kilpeläinen (after Stanford CS245 slide originals.
Optimal Fast Hashing Yossi Kanizo (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel) and David Hay (Hebrew Univ., Israel)

Optimal Fast Hashing Yossi Kanizo (Technion, Israel) Joint work with Isaac Keslassy (Technion, Israel) and David Hay (Hebrew Univ., Israel)
Udi Ben-Porat ETH Zurich Switzerland

Udi Ben-Porat ETH Zurich Switzerland
Hashing21 Hashing II: The leftovers. hashing22 Hash functions Choice of hash function can be important factor in reducing the likelihood of collisions.

Hashing21 Hashing II: The leftovers. hashing22 Hash functions Choice of hash function can be important factor in reducing the likelihood of collisions.
On the Exploitation of CDF based Wireless Scheduling Udi Ben-Porat Tel-Aviv University, Israel Anat Bremler-Barr IDC Herzliya, Israel Hanoch Levy ETH Zurich,

On the Exploitation of CDF based Wireless Scheduling Udi Ben-Porat Tel-Aviv University, Israel Anat Bremler-Barr IDC Herzliya, Israel Hanoch Levy ETH Zurich,
Cuckoo Hashing : Hardware Implementations Adam Kirsch Michael Mitzenmacher.

Cuckoo Hashing : Hardware Implementations Adam Kirsch Michael Mitzenmacher.
Student : Wilson Hidalgo Ramirez Supervisor: Udaya Tupakula Filtering Techniques for Counteracting DDoS Attacks.

Student : Wilson Hidalgo Ramirez Supervisor: Udaya Tupakula Filtering Techniques for Counteracting DDoS Attacks.
Tirgul 10 Rehearsal about Universal Hashing Solving two problems from theoretical exercises: –T2 q. 1 –T3 q. 2.

Tirgul 10 Rehearsal about Universal Hashing Solving two problems from theoretical exercises: –T2 q. 1 –T3 q. 2.
Hash Tables With Finite Buckets Are Less Resistant to Deletions Yossi Kanizo (Technion, Israel) Joint work with David Hay (Columbia U. and Hebrew U.) and.

Hash Tables With Finite Buckets Are Less Resistant to Deletions Yossi Kanizo (Technion, Israel) Joint work with David Hay (Columbia U. and Hebrew U.) and.
CSE 250: Data Structures Week 12 March 31 – April 4, 2008.

CSE 250: Data Structures Week 12 March 31 – April 4, 2008.
11.Hash Tables Hsu, Lih-Hsing. Computer Theory Lab. Chapter 11P.2 11.1 Directed-address tables Direct addressing is a simple technique that works well.

11.Hash Tables Hsu, Lih-Hsing. Computer Theory Lab. Chapter 11P Directed-address tables Direct addressing is a simple technique that works well.
Sets and Maps Chapter 9. Chapter 9: Sets and Maps2 Chapter Objectives To understand the Java Map and Set interfaces and how to use them To learn about.

Sets and Maps Chapter 9. Chapter 9: Sets and Maps2 Chapter Objectives To understand the Java Map and Set interfaces and how to use them To learn about.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Hash Tables1 Part E Hash Tables   0 1 2 3 4 451-229-0004 981-101-0002 025-612-0001.

Hash Tables1 Part E Hash Tables  
1 Introduction to Load Balancing: l Definition of Distributed systems. Collection of independent loosely coupled computing resources. l Load Balancing.

1 Introduction to Load Balancing: l Definition of Distributed systems. Collection of independent loosely coupled computing resources. l Load Balancing.
Design and Analysis of Algorithms - Chapter 71 Hashing b A very efficient method for implementing a dictionary, i.e., a set with the operations: – insert.

Design and Analysis of Algorithms - Chapter 71 Hashing b A very efficient method for implementing a dictionary, i.e., a set with the operations: – insert.
Introduction to Hashing CS 311 Winter, 2013. Dictionary Structure A dictionary structure has the form: (Key, Data) Dictionary structures are organized.

Introduction to Hashing CS 311 Winter, Dictionary Structure A dictionary structure has the form: (Key, Data) Dictionary structures are organized.
Introducing Hashing Chapter 21 Copyright ©2012 by Pearson Education, Inc. All rights reserved.

Introducing Hashing Chapter 21 Copyright ©2012 by Pearson Education, Inc. All rights reserved.

Similar presentations

Ads by Google