Presentation is loading. Please wait.

Presentation is loading. Please wait.

DDoS Defense: Utilizing P2P architecture By Joshua Aslan Smith.

Published byErnest Parker Modified over 9 years ago

Similar presentations

Presentation on theme: "DDoS Defense: Utilizing P2P architecture By Joshua Aslan Smith."— Presentation transcript:

1 DDoS Defense: Utilizing P2P architecture By Joshua Aslan Smith

2 Overview ● Anatomy of a DDoS attack ● Example DDoS attack ● Cost of DDoS attacks ● Current State of DDoS defense ● Proposed System ● Financial Analysis

3 Anatomy of a DDoS Attack ● DDoS = Distributed Denial of Service ● Goal of attack: Deny legitimate users access

4 Anatomy of a DDoS Attack ● Attacker can be anyone: hacktivist, business competitor, military or script kiddie. ● Botnets can be rented for 9 dollars an hour or 70 dollars a day ● Freeware applications allow anyone ● to participate or launch an attack.

5 Anatomy of a DDoS attack

6 Example of a DDoS Attack ● SYN floods rely on the trusting nature of the SYN → SYN-ACK → ACK handshake. ● A malicious attacker sends SYN requests, but does not send ACK after getting SYN-ACK ● System resources are tied up by malicious requests, leaving none for legitimate users.

7 Cost of DDoS Attacks 2012 Survey on costs of DDoS Attacks.

8 Current State of DDoS Defense ● Based on victim network. ● Largely Autonomus. ● Passive Defenses: Firewalls and Protocol filtering. ● Reactive Defenses: Rate-Limiting, Filtering

9 Proposed System ● P2P architecture based. ● Wide deployment (edge networks and intermediate networks. ● Incorporate pattern and anomaly detection into system and share information between peers and regional databases ● Utilize Pushback actively stop DDoS attack streams.

10 Proposed System ● Pushback: A node sends out a message identifying the malicious packets and sends it to any nodes 1 hop away that are delivering the packets. ● Those nodes start dropping the packets and also send out a message advising the nodes in the next hop to do the same.

11 Limitations ● Would require a very wide adoption for both the pushback mechanism and the sharing of anomaly and pattern detection data to be successful. ● Adoption by intermediate networks may not happen as there is little incentive for them to do so. ● Source networks even less likely to adopt, limiting pushback capability.

12 Financial Analysis ● Cyber Security 63 billion dollars in 2011 a projected CAGR of 11.3% between 2012 and 2017 ● Increase in ease of attacks means attacks more likely to occur and security against DDoS attacks needs to be invested in. ● Attacks can cost up to 4.5 billion on average and result in a loss of 3.7% of customers

13 Questions?

Download ppt "DDoS Defense: Utilizing P2P architecture By Joshua Aslan Smith."

Similar presentations

REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.

REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.
Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
Defending Against Denial of Service Attacks Presented By: Jordan Deveroux 1.

Defending Against Denial of Service Attacks Presented By: Jordan Deveroux 1.
Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.

Why Is DDoS Hard to Solve? 1.A simple form of attack 2.Designed to prey on the Internet’s strengths 3.Easy availability of attack machines 4.Attack can.
Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.

Denial of Service in Sensor Networks Anthony D. Wood and John A. Stankovic.
Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.

Availability Dan Fleck CS 469: Security Engineering These slides are modified with permission from Bill Young (Univ of Texas) Coming up: Aspects of Computer.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Distributed Reflection Denial of Service Networking Talks for the Insufficiently Paranoid Based on:

Distributed Reflection Denial of Service Networking Talks for the Insufficiently Paranoid Based on:
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.

Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Defensive Measures for DDoS By Farhan Mirza. Contents Survey Topics Survey Topics Introduction Introduction Common Target of DoS Attacks Common Target.

Defensive Measures for DDoS By Farhan Mirza. Contents Survey Topics Survey Topics Introduction Introduction Common Target of DoS Attacks Common Target.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Similar presentations

Ads by Google