Slide 1: EMIST DDoS Experimental Methodology
Alefiya Hussain, January 31, 2006
Slide 2: Outline
- Sparta effort on methodology
- Xiaowei Yang at UCI
- Tool Internals – Brett Wilson
- Purdue – Sonia Fahmy
Slide 3: SPARTA Team Participants
- DETER – Steve Schwab, Ron Ostrenga, Brad Harris, David Balenson
- EMIST DDoS – Steve Schwab, Brett Wilson, Ron Ostrenga, Alefiya Hussain, Calvin Ko, Roshan Thomas, Brad Harris
Slide 4: Objectives
A methodology should provide a sequence of well-defined steps that guides an experimenter in defining and conducting an evaluation.
- Define a canonical DDoS experiment
- Provide a set of resources
- Detail the process of conducting comparable DDoS experiments
- Make it relatively easy to create a DDoS experiment scenario
- Create a notational short-hand for describing and comparing experiments
- Archive several experiment descriptions along with data and results to seed the process
- Identify limitations of simulation and emulation, and the effect of scale on experimental results
Slide 5: Canonical Experiment Setup
- Attack Traffic: FLOOD | STARVATION | EXPLOITS | ROUTING | FUTURE
- Background Traffic: REPLAY | HARPOON | DRIVE HARPOON WITH REAL TRACES
- Topology: CANONICAL | INTERNET SCALE
- Defense Mechanisms: FLOODWATCH | DWARD | COSSACK | PUSHBACK | RED-PD
- Devices: CLOUDSHIELD | JUNIPER ROUTERS
- Measurements: HOST STATISTICS | PACKET TRACES
- Metrics & Visualization: EXTRINSIC NETWORK STATE | INTRINSIC DEFENSE STATE
Slide 6: Defense Mechanisms
- Floodwatch – Router-based detection of anomalies
- DWARD – Source-end detection of abnormal TCP behavior
- COSSACK – Collaborative detection of volume anomalies
- Pushback – Router-based detection of congestion
- CloudShield
- RED-PD
Slide 7: CloudShield IXP2800 Appliance
– Available on DETER as an experimental device
Emulate a router line-card
– RED Queue Implementation
– 4 ports x 1 Gigabit Ethernet
Augment with RED-PD DDoS Defense
– Identify misbehaving TCP flows or aggregates
– Create building blocks suitable for exploring the design space of DDoS defenses augmenting line-cards
[Diagram: RED-PD DDoS Defense, CloudShield implementation – Pre-filter, RED Queue, Attack Detector, Attack Identifier, Classifier; IN/OUT ports]
From "On the Robustness of Router-Based DDoS Defense", Xu and Guerin, Computer Communication Review, July 2005
Slide 8: Measurements and Metrics
Network:
- Goodput
- Ratio of attack to background traffic
- Link utilization
- Attack rate
Victim/Server:
- Average server response time
- Average server-side application throughput
- Connection completion time
- Rate of failed connections
TCP Flow:
- Throughput per flow
- Loss per flow
Observed under attack:
- decrease in goodput
- increased aggregate attack rate
- degraded server response time
- decreased server-side application throughput
- increased connection completion time
- increased rate of failed connections
- increased loss per flow
Slide 9: Topology Scaling
- Evaluate defense systems in larger, realistic network topologies
- AS-level topologies consist of 300+ nodes
- Prune dormant nodes to create a smaller topology
- Size of topology determined by density of attackers and background traffic sources
[Diagram: topology with nodes A, d1, d2, s1, V, s2, A]
Slide 10: Xiaowei Yang, UCI
Slide 11: Overview of the Traffic Validation Architecture
1. Source requests permission to send.
2. Destination authorizes the source for a limited transfer, e.g., 32KB in 10 secs. A capability is the proof of a destination's authorization.
3. Source places capabilities on packets and sends them.
4. Network filters packets based on capabilities.
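The four steps above as an added simulation (not code from the original talk or from the TVA project): a filtering router stamps a request with a pre-capability keyed by its own secret, the destination binds that to a byte limit N and lifetime T, and the router later verifies by recomputation rather than by keeping per-flow authorization state. The class names, the hash construction, the secret handling and the sample addresses are assumptions and are simplified relative to the real TVA design.

```python
import hashlib
import hmac


def _h(*parts):
    """Truncated SHA-256 over the joined fields (constructed stand-in for TVA's hash)."""
    return hashlib.sha256("|".join(str(p) for p in parts).encode()).hexdigest()[:16]


class Router:
    """Path router that stamps requests (step 1) and filters data packets (step 4)."""
    def __init__(self, secret):
        self.secret = secret   # assumed per-router secret; real TVA rotates it
        self.used = {}         # capability tag -> bytes forwarded under it

    def stamp_request(self, src, dst, now):
        # Pre-capability binds (src, dst, issue time) to this router's secret.
        return {"src": src, "dst": dst, "t": now, "pre": _h(self.secret, src, dst, now)}

    def forward(self, pkt, now):
        cap = pkt.get("cap")
        if cap is None:
            return "DROP:no-capability"
        # Recompute what the destination must have bound; no per-flow state is needed.
        pre = _h(self.secret, pkt["src"], pkt["dst"], cap["t"])
        if not hmac.compare_digest(_h(pre, cap["N"], cap["T"]), cap["tag"]):
            return "DROP:forged"
        if now > cap["t"] + cap["T"]:
            return "DROP:expired"
        used = self.used.get(cap["tag"], 0) + pkt["len"]
        if used > cap["N"]:
            return "DROP:over-limit"
        self.used[cap["tag"]] = used
        return "FORWARD"


class Destination:
    """Step 2: grant N bytes over T seconds by binding the pre-capability to (N, T)."""
    def authorize(self, req, N, T):
        return {"t": req["t"], "N": N, "T": T, "tag": _h(req["pre"], N, T)}


def run_scenario():
    """Constructed exchange: 32KB in 10 s, then over-limit, missing, forged and expired packets."""
    r, d = Router(secret="constructed-router-secret"), Destination()
    cap = d.authorize(r.stamp_request("10.0.0.5", "10.0.1.9", now=1000), N=32 * 1024, T=10)
    pkt = lambda src, n, c: {"src": src, "dst": "10.0.1.9", "len": n, "cap": c}
    out = [r.forward(pkt("10.0.0.5", 16 * 1024, cap), now=1001 + i) for i in range(3)]  # step 3
    out.append(r.forward({"src": "10.0.0.7", "dst": "10.0.1.9", "len": 100}, now=1002))
    out.append(r.forward(pkt("10.0.0.7", 100, dict(cap, tag=_h("guess", cap["N"], cap["T"]))), now=1002))
    out.append(r.forward(pkt("10.0.0.5", 10, cap), now=1011))
    return out
```

The third 16KB packet is dropped because the 32KB grant is exhausted, and the last packet is dropped because the 10-second window has passed even though its capability is otherwise valid.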
Slide 12: Deter Test Plan
- Implement TVA on the Click router platform
- Router implemented as a collection of elements
- Test on Deter
[Diagram: TVA router graph]
Slide 13: Tool Internals