Presentation is loading. Please wait.

Presentation is loading. Please wait.

IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 18, NO. 5, MAY 2007 Presented by: C. W. Fan-Chiang.

Published byAmbrose Stone Modified over 9 years ago

Similar presentations

Presentation on theme: "IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 18, NO. 5, MAY 2007 Presented by: C. W. Fan-Chiang."— Presentation transcript:

1 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 18, NO. 5, MAY 2007 Presented by: C. W. Fan-Chiang

2 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 2 Ruiliang Chen He is currently a PhD student in the Bradley Department of Electrical and Computer Engineering at Virginia Polytechnic Institute and State University (Virginia Tech). His research interests include traceback and mitigation mechanisms for thwarting denial-of-service attacks, attack-resilient routing protocols for wireless ad hoc networks, and security issues in cognitive radio networks. He is a student member of the IEEE.

3 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 3 Jung-Min Park He received the bachelor’s and master’s degrees in electronic engineering from Yonsei University, Seoul, Republic of Korea, in 1995 and 1997, respectively, and the PhD degree from the School of Electrical and Computer Engineering at Purdue University in 2003. His research interests include DoS attack countermeasures, e-commerce protocols, cognitive radio networks, key management, and applied cryptography. He is a member of the IEEE and the ACM.

4 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 4  Randolph Marchany He is currently the director of the Virginia Polytechnic Institute and State University (Virginia Tech) IT Security Testing Lab, a component of the university’s Information Technology Security Office. a coauthor of the FBI/SANS Institute’s “Top 10/20 Internet Security Vulnerabilities”, a co-author of the SANS Institute’s “Responding to DDoS Attacks”, Computer Security—Incident Handling—Step by Step,” He is a member of the IEEE.

5 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  INTRODUCTION  ATTACK DIAGNOSIS AND PARALLEL ATTACK DIAGNOSIS  PRACTICAL CONSIDERATIONS  SIMULATION AND RESULTS  RELATED WORK  CONCLUSION 2015/10/20OPLab,NTUIM 5

6 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  INTRODUCTION  ATTACK DIAGNOSIS AND PARALLEL ATTACK DIAGNOSIS  PRACTICAL CONSIDERATIONS  SIMULATION AND RESULTS  RELATED WORK  CONCLUSION 2015/10/20OPLab,NTUIM 6

7 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Defending against DDoS attacks is challenging for two reasons.  First, the number of attackers involved in a DDoS attack is very large.  Second, attackers usually spoof their IP addresses, which makes it very difficult to trace the attack traffic back to its sources.  Ingress/egress ; Subnet Spoofing? 2015/10/20OPLab,NTUIM 7

8 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Client puzzle, Max-min Servercentric router throttles, Differentiated service  The ideal countermeasure paradigm of Max- min Servercentric router throttles,  the attack detection module is placed at (or near) the victim and  the packet filtering module is placed as close to the attack sources 2015/10/20OPLab,NTUIM 8 Victim Attacker Packet Filtering Attack Detection

9 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  When attacks are detected downstream close to the victim, the upstream routers close to the attack sources filter attack packets using summarized attack signatures sent by the detection module.  However, have either or both of the following two drawbacks 2015/10/20OPLab,NTUIM 9

10 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  1.The need to securely forward attack signatures to the upstream routers. May require a global key distribution infrastructure for authenticating and verifying the attack signatures.(which is costly to deploy and maintain.) 2015/10/20OPLab,NTUIM 10

11 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  2.The dependence on attack signatures to separate attack traffic from legitimate traffic. Such a signature is very difficult for three reasons. 2015/10/20OPLab,NTUIM 11

12 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  2-1.In many cases, an attack detection module can only detect the existence of attacks but may not formulate any attack signatures from the observed traffic 2015/10/20OPLab,NTUIM 12

13 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  2-2.Even if an attack signature is obtained, it may not be usable to a router to filter packets when the signature lies above the network layer.  Because a router is a network-layer device, it would severely degrade its performance to examine the contents of every packet to match high-layer attack signatures 2015/10/20OPLab,NTUIM 13

14 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  2-3.Even signatures in the network layer may have limited value because the attackers can readily manipulate corresponding information.  Because An attacker can spoof source IP addresses and change the protocol field in the IP header, rendering these fields useless as valid attack signatures. The only absolutely reliable information in a packet is the destination IP address. 2015/10/20OPLab,NTUIM 14

15 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Attack Diagnosis (AD), a novel attack mitigation scheme that combines the concepts of Pushback and packet marking to thwart DDoS attacks. 2015/10/20OPLab,NTUIM 15

16 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  1.An Intrusion Detection System (IDS) installed at the victim (or at its firewall) detects an attack.  2.The victim instructs the upstream routers to start marking packets with trace back information.  3. Based on the marking information extracted from collected packets, the victim separates an attacker from other clients and traces back to the attack source.  4. The victim instructs the appropriate upstream routers to filter attack packets. 2015/10/20OPLab,NTUIM 16

17 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  However, AD is not appropriate for large-scale attacks involving a large number of attackers because the process would be very slow.  An extension to AD called Parallel Attack Diagnosis (PAD) that can throttle traffic coming from multiple attackers simultaneously in a single round. 2015/10/20OPLab,NTUIM 17

18 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  AD/PAD support the ideal DDoS countermeasure paradigm  AD/PAD is reactive in nature. No communication overhead is required when a network is not under attack.  AD/PAD employ deterministic packet marking, they are robust against forgery of marking fields 2015/10/20OPLab,NTUIM 18

19 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  AD/PAD throttle attackers in a “divide and conquer” fashion, very low false positive ratios are incurred. Moreover, PAD provides a “tunable” parameter that enables the network to adjust the diagnosis process delay and the false positive ratio.  AD/PAD do not rely on attack signatures for packet filtering and require no global key distribution infrastructure. 2015/10/20OPLab,NTUIM 19

20 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  INTRODUCTION  ATTACK DIAGNOSIS AND PARALLEL ATTACK DIAGNOSIS  PRACTICAL CONSIDERATIONS  SIMULATION AND RESULTS  RELATED WORK  CONCLUSION 2015/10/20OPLab,NTUIM 20

21 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Assumptions  Overview of AD and PAD  Attack Diagnosis  Parallel Attack Diagnosis  Analysis of False Positives  Analysis of Attack Mitigation Delay 2015/10/20OPLab,NTUIM 21

22 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Every host, either a client or a server, is connected to its local edge router.  Edge routers are, in turn, interconnected by core routers.  We refer to the server host being attacked as the victim. 2015/10/20OPLab,NTUIM 22

23 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  A recent study has shown that 95 percent of the routes observed in the Internet have fewer than five observable daily changes. we make the reasonable assumption that every route from a client to the victim is fixed during the timeframe of interest.  Assume that Internet routers are not compromised. 2015/10/20OPLab,NTUIM 23

24 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  False Negative to denote an attacker whose malicious packets have not been filtered,  False Positive to denote a legitimate client whose packets have been incorrectly throttled. 2015/10/20OPLab,NTUIM 24

25 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  The existence of an IDS module installed at the victim (or at its firewall), which is able to identify the existence of attacks after observing malicious traffic. 2015/10/20OPLab,NTUIM 25

26 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Some of the router interfaces are labeled with a locally unique number that identifies that interface port. We call this number the port identifier (PID).  However, when an interface port is connected to multiple hosts via a broadcast link-layer channel (such as in a LAN), a PID cannot be used to uniquely identify a host. 2015/10/20OPLab,NTUIM 26

27 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Router F maintains a virtual PID table, which maps a “virtual PID” to every MAC address that the router observes coming through interface x. 2015/10/20OPLab,NTUIM 27

28 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 28

29 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  PID is locally unique within a router, a string of PIDs can be used to uniquely identify the path from a server to a client. Eg.4-8-24-42 、 53—8- 50-27  AD is capable of throttling malicious traffic coming from a modest number of attackers.  PAD solves this problem by dealing with multiple attackers simultaneously. 2015/10/20OPLab,NTUIM 29

30 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  To support AD, a router needs to mark packets with its PIDs and other traceback-related information. For this purpose, we overload the 16-bit Identification field and one reserved bit in the IP header.  Note that IP fragments constitute a very small proportion of the actual Internet traffic (less than 0.25 percent) 2015/10/20OPLab,NTUIM 30

31 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Use a-bit hop-count field,  a b-bit PID field,  and a c-bit XOR field, where 2015/10/20OPLab,NTUIM 31

32 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Hop-count field in a packet records the number of hops from a router that first marks a given packet to the edge router that is immediately upstream of the victim.  PID field of a given packet records the PID of the router’s input interface port that processed the packet.  XOR field of a packet records the value obtained by taking the XOR (exclusive OR) of the least significant c bits of PID values. 2015/10/20OPLab,NTUIM 32

33 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  A router interface can be set to either of two marking modes.  Active Deterministic Marking Mode (ADMM) for V if it processes every packet destined for V as follows:  1) sets the hop-count field to zero,  2) copies its PID to the PID field, and  3) copies the least significant c bits of its PID to the XOR field. 2015/10/20OPLab,NTUIM 33

34 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  A router interface can be set to either of two marking modes.  Passive Deterministic Marking Mode (PDMM) for V if it processes every packet destined for V as follows:  1) increases the hop-count field by one and  2) computes the bit-by-bit XOR value of the least significant c bits of its PID and the XOR field value and writes the result back to the XOR field. 2015/10/20OPLab,NTUIM 34

35 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  AD process is triggered. The victim begins the process by sending a “DAI” (Diagnose-All- Interfaces) request with the TTL field set to 255 to its immediate edge router.  DII-p(Diagnose Individual Interface) request received by a router is always preceded by a DAI request. 2015/10/20OPLab,NTUIM 35

36 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 36 DAI SET all interface to ADMM DII-42 SET interface 42 to PDMM Others remain unchanged Status packet

37 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 37 DAI SET all C’s interface to ADMM DII-24 SET interface 24 to PDMM Others remain unchanged Status packet

38 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 38 V instruct G to trigger packet filter module on 4 Figure that C1 is an attacker Status packet DII-4

39 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 39 DAI SET all interface to ADMM DII-42 SET interface 27 、 42 to PDMM Others remain unchanged Status packet DII-27

40 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 40 DAI SET all C’s interface to ADMM DII-24 SET interface 24 to PDMM Others remain unchanged Status packet SET interface 50 to PDMM Others remain unchanged Status packet DII-50 DAI SET all B’s interface to ADMM

41 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 41 V instruct G to trigger packet filter module on 4 Figure that C1 is an attacker Status packet DII-4 Figure that C2 is an attacker V instruct F to trigger packet filter module on x And use Virtual PID to locate C2 Status packet DII-31

42 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 42

43 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  How can V determine that interface 50 belongs to B and interface 24 belongs to C?  PID 50 at hop 1 is grouped with PID 27 (and not PID 42) at hop 0 because 41 ⊕ 50 =27 2015/10/20OPLab,NTUIM 43

44 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 44

45 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Under the following assumptions, one can show that AD incurs no false negatives or false positives and PAD incurs no false negatives:  1) the attackers keep sending attack packets to the victim during the AD or PAD process,  2) the IDS installed at the victim can accurately identify attacks,  3) the MAC addresses are not spoofed. 2015/10/20OPLab,NTUIM 45

46 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  False positive occurs when each link of a legitimate client’s path (that is not on any attack path) collides with a link of an attack path, 2015/10/20OPLab,NTUIM 46

47 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  We assume that each router assigns PID values to its interfaces randomly from 0 to 2 b -1. If we assume that q attackers are diagnosed in a single round  The probability that a link of a legitimate client’s path collides with a link on an attack path is 2015/10/20OPLab,NTUIM 47

48 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  If a legitimate client’s path has m links that do not coincide with any links on any attack path, then its false positive probability is 2015/10/20OPLab,NTUIM 48

49 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 49

50 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 50

51 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 51

52 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 52 First step Each loop Last step

53 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 53 First step Each loop Last step

54 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  INTRODUCTION  ATTACK DIAGNOSIS AND PARALLEL ATTACK DIAGNOSIS  PRACTICAL CONSIDERATIONS  SIMULATION AND RESULTS  RELATED WORK  CONCLUSION 2015/10/20OPLab,NTUIM 54

55 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  PRACTICAL CONSIDERATIONS  Selection of Marking Field Length  Security Considerations  Issues of Router and Network Overhead  Gradual Deployment Considerations 2015/10/20OPLab,NTUIM 55

56 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Because the vast majority of routes in the Internet have fewer than 32 hops. Therefore, we set a = 5, which implies b + c = 12  In AD, we allocate all the remaining 12 bits to the PID field 2015/10/20OPLab,NTUIM 56

57 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  The role of the XOR field is to distinguish individual routes so that the DII commands can be issued to the appropriate routers.  On the other hand, the PID field identifies an individual interface port on a router, which helps the router discard DII requests with wrong PIDs. 2015/10/20OPLab,NTUIM 57

58 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  b ≧ c  b + c = 12  a + b + c = 17  Setting1 a = 6, b = 6, c = 5  Setting2 a = 5, b = 6, c = 6 2015/10/20OPLab,NTUIM 58

59 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  1)How to authenticate DAI?  2)How we deal with DII forgery? How to prevent DII against replay attack?  3)An attacker may attempt to forge information in the marking fields of packets. What should we do? 2015/10/20OPLab,NTUIM 59

60 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  1) The key required to authenticate the DAI requests can be established during an offline registration process  2) We can utilize a preceding DII request to authenticate its subsequent DII request in the chain, then all the DII requests in the chain are authenticated. 2015/10/20OPLab,NTUIM 60

61 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Victim uses a publicly known one-way hash function H() to generate a hash chain 2015/10/20OPLab,NTUIM 61

62 2015/10/20OPLab,NTUIM 62 Rx Ry Hop h DAI nhnh DII n h+1 Check if

63 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  3)Because AD/PAD use DPM a forged marking will be overwritten by intermediate routers. 2015/10/20OPLab,NTUIM 63

64 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  AD and PAD are reactive defense mechanisms, it is unlikely that a router will receive a large number of simultaneous requests for packet marking. This ensures that a router will not be overburdened with packet marking tasks the vast majority of the time. 2015/10/20OPLab,NTUIM 64

65 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  First, the commands the victim sends are from downstream to upstream, while the flooding goes the reverse direction.  Secondly, AD commands could contain some rate-limit requests (as Pushback does),  Another straightforward solution is to prioritize authenticated AD commands. 2015/10/20OPLab,NTUIM 65

66 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  Perimeter approach, AD/PAD is implemented only at the victim’s neighbor subnets, forming a perimeter of defense around the victim perimeter approach  Distributed diagnosis approach, the border routers of subnets, which support AD and PAD, coordinate the diagnosis process under the help of attack detection devices. 2015/10/20OPLab,NTUIM 66

67 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 67

68 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  INTRODUCTION  ATTACK DIAGNOSIS AND PARALLEL ATTACK DIAGNOSIS  PRACTICAL CONSIDERATIONS  SIMULATION AND RESULTS  RELATED WORK  CONCLUSION 2015/10/20OPLab,NTUIM 68

69 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  SIMULATION AND RESULTS  P FPPAD versus q  Attack Mitigation Delay  The Trade-Off between False Positives and Attack Mitigation Delay  Partial Subnet Deployment 2015/10/20OPLab,NTUIM 69

70 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks SIMULATION AND RESULTS  Use three topologies  Skitter Internet Map (d=6)  Lumeta Internet Mapping Projects (d=2)  Complete tree (d=6)  Use Gaussian distribution with μ is 16.5 and σ is 4 to simulate routes’ number of hops.(Upper bound 32 lower bound 1) 2015/10/20OPLab,NTUIM 70

71 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks SIMULATION AND RESULTS  In these simulations, we fixed  the number of attackers, Na, at 2,000 and  the total number of clients at 5,000.  We varied q from 10 to 2,000 in increments of 10.  Each datum is the average of 10 independent experiments. 2015/10/20OPLab,NTUIM 71

72 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks SIMULATION AND RESULTS – P FPPAD versus q 2015/10/20OPLab,NTUIM 72

73 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 73

74 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 74

75 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks 2015/10/20OPLab,NTUIM 75

76 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks SIMULATION AND RESULTS – Attack Mitigation Delay 2015/10/20OPLab,NTUIM 76  The implementing AD in subnet 157.130.0.0/16 and subnet 152.63.0.0/16 is crucial for lowering the false positive ratio.

77 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  INTRODUCTION  ATTACK DIAGNOSIS AND PARALLEL ATTACK DIAGNOSIS  PRACTICAL CONSIDERATIONS  SIMULATION AND RESULTS  RELATED WORK  CONCLUSION 2015/10/20OPLab,NTUIM 77

78 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  AD/PAD employ a “divide-and-conquer”strategy to isolate attacking hosts and filter their traffic.  AD/PAD’s framework is in line with the ideal framework of DDoS mitigation schemes. 2015/10/20OPLab,NTUIM 78

79 A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks  1. is reactive so as to incur limited overhead,  2. does not rely on attack signatures for filtering attack traffic,  3. is robust against IP spoofing and marking- field forgeries,  4. supports incremental deployment, and  5. incurs low false positives. 2015/10/20OPLab,NTUIM 79

80 2015/10/20OPLab,NTUIM 80 Thanks for listening

Download ppt "IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 18, NO. 5, MAY 2007 Presented by: C. W. Fan-Chiang."

Similar presentations

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 3: VLANs Routing & Switching.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.

IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Defending against Large-Scale Distributed Denial-of-Service Attacks Department of Electrical and Computer Engineering Advanced Research in Information.

Defending against Large-Scale Distributed Denial-of-Service Attacks Department of Electrical and Computer Engineering Advanced Research in Information.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.

Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.
Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.

Nov.6, 2002 Secure Routing Protocol for Ad Hoc Networks Li Xiaoqi.
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.

IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.
Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005.

Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
Shivkumar KalyanaramanRensselaer Q1-1 ECSE-6600: Internet Protocols Quiz 1 Time: 60 min (strictly enforced) Points: 50 YOUR NAME: Be brief, but DO NOT.

Shivkumar KalyanaramanRensselaer Q1-1 ECSE-6600: Internet Protocols Quiz 1 Time: 60 min (strictly enforced) Points: 50 YOUR NAME: Be brief, but DO NOT.

Similar presentations

Ads by Google