Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Divide-and-Conquer Strategy for Thwarting DDoS Attacks Randolph Marchany (VT) Jung-Min Park (VT) Ruiliang Chen (VT) Presented by Panoat Chuchaisri.

Published byShawn Juniper Griffin Modified over 9 years ago

Similar presentations

Presentation on theme: "A Divide-and-Conquer Strategy for Thwarting DDoS Attacks Randolph Marchany (VT) Jung-Min Park (VT) Ruiliang Chen (VT) Presented by Panoat Chuchaisri."— Presentation transcript:

1 A Divide-and-Conquer Strategy for Thwarting DDoS Attacks Randolph Marchany (VT) Jung-Min Park (VT) Ruiliang Chen (VT) Presented by Panoat Chuchaisri

2 Outline Proposed scheme –AD : Attack Diagnosis –PAD : Parallel Attack Diagnosis Overview Simulation Results Conclusion

3 AD & PAD Features Support ideal DDoS countermeasure paradigm No overhead during normal traffic Deterministic packet marking Provide adjustable parameter Do not require global key distribution

4 Overview PID 4-8-24-42

5 Overview (contd.) Mark packet using 16-bit identification field and 1 reserved bit in IP header Use –a-bit hop-count field –b-bit PID field –c-bit XOR field a + b + c = 17, b ≥ c

6 Overview (contd.) ADMM (Active DMM) –Set hop-count field to zero –Copy own PID into PID field –Copy last c bits of PID to XOR field PDMM (Passive DMM) –Increase hop-count field by one –XOR field = last c bits of PID XOR field

7 AD DAI ■ ADMM ■ PDMM 27 42 21 24 7 62 DAI DII 42 36 52 8 47 29 18 21 4 DII 24

8 PAD Traceback multiple attack path simultaneously DII 42 → DII 42,27 Identify upstream interface using XOR

9 hopPIDXOR PAD DAI DII 27,42 27 42 21 24 62 7 24 50 19 0 42 27 2450 41 1

10 Simulation Results

11 Simulation Results (contd.)

12 UNACCEPTABLE

13 Conclusion AD and PAD employ divide-and-conquer strategy to isolate attackers Combine traceback and filtering technique Suffer deployment problem

14 Thank You!

Download ppt "A Divide-and-Conquer Strategy for Thwarting DDoS Attacks Randolph Marchany (VT) Jung-Min Park (VT) Ruiliang Chen (VT) Presented by Panoat Chuchaisri."

Similar presentations

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.

IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.
Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson University of Washington- Seattle, WA Presented by Mohammad Hajjat- Purdue University Slides.

Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson University of Washington- Seattle, WA Presented by Mohammad Hajjat- Purdue University Slides.
Defending against Large-Scale Distributed Denial-of-Service Attacks Department of Electrical and Computer Engineering Advanced Research in Information.

Defending against Large-Scale Distributed Denial-of-Service Attacks Department of Electrical and Computer Engineering Advanced Research in Information.
Introducing MPLS Labels and Label Stacks

Introducing MPLS Labels and Label Stacks
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
CPSC 601.43 Topics in Multimedia Networking A Mechanism for Equitable Bandwidth Allocation under QoS and Budget Constraints D. Sivakumar IBM Almaden Research.

CPSC Topics in Multimedia Networking A Mechanism for Equitable Bandwidth Allocation under QoS and Budget Constraints D. Sivakumar IBM Almaden Research.
Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.

Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.
FLIP : Flexible Interconnection Protocol Ignacio Solis Katia Obraczka.

FLIP : Flexible Interconnection Protocol Ignacio Solis Katia Obraczka.
An Implementation Framework for Trajectory-Based Routing in Ad Hoc Networks Murat Yuksel, Ritesh Pradhan, Shivkumar Kalyanaraman Electrical, Computer,

An Implementation Framework for Trajectory-Based Routing in Ad Hoc Networks Murat Yuksel, Ritesh Pradhan, Shivkumar Kalyanaraman Electrical, Computer,
IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.

IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.
Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.
Chapter 10 Switching Fabrics. Outline Physical Interconnection Physical box with backplane Individual blades plug into backplane slots Each blade contains.

Chapter 10 Switching Fabrics. Outline Physical Interconnection Physical box with backplane Individual blades plug into backplane slots Each blade contains.
Packet Score: Statistics-based Overload Control against Distributed Denial-of- service Attacks: Yoohwan Kim,Wing Cheong Lau,Mooi Choo Chauh, H. Jonathan.

Packet Score: Statistics-based Overload Control against Distributed Denial-of- service Attacks: Yoohwan Kim,Wing Cheong Lau,Mooi Choo Chauh, H. Jonathan.
SUNY at Buffalo; Computer Science; CSE620 – Advanced Networking Concepts; Fall 2005; Instructor: Hung Q. Ngo 1 Agenda Last time: finished brief overview.

SUNY at Buffalo; Computer Science; CSE620 – Advanced Networking Concepts; Fall 2005; Instructor: Hung Q. Ngo 1 Agenda Last time: finished brief overview.
Practical Network Support for IP Traceback Internet Systems and Technologies - Monitoring.

Practical Network Support for IP Traceback Internet Systems and Technologies - Monitoring.
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
Review of IP traceback Ming-Hour Yang The Department of Information & Computer Engineering Chung Yuan Christian University

Review of IP traceback Ming-Hour Yang The Department of Information & Computer Engineering Chung Yuan Christian University

Similar presentations

Ads by Google