codef collaborative defense against large scale link
play

CoDef: Collaborative Defense against Large-Scale Link-Flooding - PowerPoint PPT Presentation

Apr 10, 2024 •202 likes •487 views

CoDef: Collaborative Defense against Large-Scale Link-Flooding Attacks Soo Bum Lee * , Min Suk Kang , Virgil D. Gligor CyLab, Carnegie Mellon University * Qualcomm Dec. 12, 2013 Large Scale Link-Flooding Attacks Massive DDoS attacks against

  1. CoDef: Collaborative Defense against Large-Scale Link-Flooding Attacks Soo Bum Lee * , Min Suk Kang , Virgil D. Gligor CyLab, Carnegie Mellon University * Qualcomm Dec. 12, 2013

  2. Large Scale Link-Flooding Attacks • Massive DDoS attacks against chosen targets in Internet Infrastructure GIG C2 Logistics ISR Smart Electric Grid scalable flooding impact Financial Services dropped legitimate packets 2

  3. Real World Example: “ Spamhaus ” Attack (2013) Adversary • flooding few links in 4 IXPs – scalable impact : regionally degraded connectivity Attack traffic – but easily mitigated : attack IXP flows are distinguished from flooding legitimate flows and filtered => lasted only ~ 1 - 1.5 hours 3 3

  4. Typical Defenses against Link-Flooding Attacks  Distinguish attack flows from legitimate ones  e.g., flow filtering, pushback, anti-spoof filtering, capability-based solutions But , advanced link-flooding attacks can easily circumvent the typical defenses 4

  5. “Crossfire” Attack (S&P’13) use “bot to public server” attack flows N bots M public servers flooding (e.g., HTTP web server) O ( NM ) flows “ indistinguishable ” attack flows from legitimate flows  many, low-rate, diverse source/destination addresses, protocol conforming, destination-wanted 5

  6. “Coremelt” Attack (ESORICS’09) use “bot to bot” colluding attack flows N bots flooding Our adversary model: “ indistinguishable link- flooding attacks” O ( N 2 ) flows 6

  7. Problems I. Identify the indistinguishable attack flows? - force the adversary’s untenable choice by conformance tests “I’m gonnamake him an offer he can’t refuse…” target II. Avoid collateral damage to legitimate flows? - route separation (i.e., providing detours for legitimate flows) III. Prevent the attack from being dispersed and causing unanticipated damage to legitimate flows? - pin down potential attack flows 7

  8. CoDef: Collaborative Defense 1. Collaborative Rerouting Target AS sends reroute requests to source ASes => provides detours around the flooded link Okay! Pls. avoid me! Link Source AS flooding Target AS 8

  9. CoDef: Collaborative Defense 2. Collaborative Rate Control Target AS sends rate-control requests to source ASes => allows source AS to prioritize flows Okay! Pls. slow down! Link Source AS flooding Target AS 9

  10. Motivations of Collaborative Defense Target AS  Has no way to distinguish attack flows by itself  Has limited control over the incoming traffic e.g., end-to-end AS-paths, traffic rate Source AS  Has no idea about the flooding at the remote target  Has good reason for collaboration to circumvent flooding Transit ASes  Has no incentive/motivation for changing (optimized/complex) routing policies 10

  11. CoDef Architecture • CoDef adds complementary routing functions – route controllers , secure route-control channels route-controller route-controller route-control autonomous router channel system 11

  12. Collaborative Rerouting C is flooded and A ’s packets to G are dropped (1) C sends re-route message to A : “ Please avoid me (i.e., C )” B * : default route R1 CG* BCG* CFG A BFG CBFG R2 Flooding B C G* A G D ABCG* F D E ADEFG FG * DEFG* EFG* FCG DABCG EDABCG 12

  13. Collaborative Rerouting C is flooded and A ’s packets to G are dropped (1) C sends re-route message to A : “ Please avoid me (i.e., C )” (2) A refers to its routing table and finds alternate route: ADEFG B * : default route R1 CG* BCG* CFG A BFG CBFG R2 Flooding B C G* A G D ABCG* F D E ADEFG FG * DEFG* EFG* FCG DABCG EDABCG 13

  14. Collaborative Rerouting C is flooded and A ’s packets to G are dropped (1) C sends re-route message to A : “ Please avoid me (i.e., C )” (2) A refers to its routing table and finds alternate route: ADEFG (3) A changes “Import Policy” of its BGP router (i.e., R2) B * : default route R1 CG* BCG* CFG A BFG CBFG R2 Flooding B C G* A G D ABCG* F D E ADEFG FG * DEFG* EFG* FCG DABCG EDABCG 14

  15. Collaborative Rerouting C is flooded and A ’s packets to G are dropped (1) C sends re-route message to A : “ Please avoid me (i.e., C )” (2) A refers to its routing table and finds alternate route: ADEFG (3) A changes “Import Policy” of its BGP router (i.e., R2) * : default route CG* “What if domain A BCG* CFG BFG CBFG is single-homed Flooding B C reroutingrequest exclusively to B ?” G* => rerouting at B A G ABCG* F D E ADEFG FG * DEFG* EFG* FCG DABCG EDABCG 15

  16. Rerouting Conformance Test Link Flooding 16

  17. Rerouting Conformance Test Okay! Link Flooding Okay! 17

  18. Rerouting Conformance Test 18

  19. Rerouting Conformance Test oh… wait… identify attack Link flooding has flows Flooding stopped! let’s create new attack flows ! 19

  20. Rerouting Conformance Test oh… wait… identify attack Link flooding has flows Flooding stopped! let’s create new attack flows ! Adversary’s untenable choice : give up the attack or be detected (by conforming to the test) (by creating new attack flows) 20

  21. Path Pinning identify attack flows! Link Flooding CoDef fixes attack paths to the target to prevent unanticipated damages 21

  22. Evaluation of Collaborative Rerouting  Internet AS topology  40K+ ASes and their business relationships (e.g., customer-provider, peer-peer) from CAIDA  538 attack ASes selected based on real spam bot distribution  Forwarding path decision model  preference: (i) cheaper paths; (ii) shorter paths 22

  23. Evaluation of Collaborative Rerouting evaluate the “availability of alternate paths” from legitimate ASes to a destination conservative attack scenario  all ASes on the attack paths (i.e., paths from attack ASes to destination) are the flooding targets Finding alternate paths : “ avoid target ASes ”  three evaluation policies  strict … P 1 … P 3  viable S … path exists?  flexible … D P 2 … P 4 … 23

  24. Availability of Alternate Paths 100 Destination ASes Series1 AS 20144 Connection Ratio (%) 80 Series2 AS 297 Series3 AS 7500 60 Series4 AS 27 Series5 40 AS 2149 Series6 AS 29216 20 0 strict 1 viable 2 flexible 3 24

  25. Ease of Deployment • No significant deployment cost – no changes to existing systems (e.g., BGP and OSPF)  honors routing policies of individual ASes  requires no disclosure of internal topology/policies • Significant deployment incentives – technical advantage  detects and mitigates large-scale link-flooding attacks – economical advantages  provides premium services 25

  26. Conclusion • CoDef : a practical mechanism for defending against large-scale link-flooding attacks • Test to identify the attack flows exploiting adversary’s untenable choices • Significant deployment incentives 26

  27. Thank You 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

VOCBENCH 2.0 A Collaborative Environment Web Application for the Development of Large Scale

VOCBENCH 2.0 A Collaborative Environment Web Application for the Development of Large Scale

University of Rome Tor Vergata VOCBENCH 2.0 A Collaborative Environment Web Application for the Development of Large Scale Thesauri and Concept Schemes Armando Stellato + , Sachit Rajbhandari*, Andrea Turbati + , Caterina Caracciolo*, Manuel

130 views • 11 slides
Large-scale Implementation of Collaborative Care Management for Depression and Diabetes and/ or

Large-scale Implementation of Collaborative Care Management for Depression and Diabetes and/ or

Large-scale Implementation of Collaborative Care Management for Depression and Diabetes and/ or Cardiovascular Disease Claire Neely, MD, FAAP Chief Medical Officer Institute for Clinical Systems Improvement No conflicts to

719 views • 25 slides
Providing structure to experimental data: A large scale heterogeneous database for collaborative

Providing structure to experimental data: A large scale heterogeneous database for collaborative

Providing structure to experimental data: A large scale heterogeneous database for collaborative model validation Jim Oreluk Arun Hegde Wenyu Li Andrew Packard Michael Frenklach SIAM NUMERICAL COMBUSTION 17 APRIL 4, 2017 Overview

683 views • 30 slides
A large scale heterogeneous database for collaborative model validation Jim Oreluk Arun Hegde

A large scale heterogeneous database for collaborative model validation Jim Oreluk Arun Hegde

Providing structure to experimental data: A large scale heterogeneous database for collaborative model validation Jim Oreluk Arun Hegde Wenyu Li Andrew Packard Michael Frenklach SIAM UNCERTAINTY QUANTIFICATION 18 APRIL 17, 2018 Overview

546 views • 26 slides
Panel on collaborative research methodology for large-scale computer systems Grigori Fursin

Panel on collaborative research methodology for large-scale computer systems Grigori Fursin

Panel on collaborative research methodology for large-scale computer systems Grigori Fursin EXADAPT/ASPLOS INRIA, France March 2012 Background 1993-1997 Semiconductor electronics, physics, neural networks First steps on auto-tuning and

950 views • 38 slides
Eviction Defense Collaborative PREVENT HOMELESSNESS PRESERVE AFFORDABLE HOUSING PROTECT SAN

Eviction Defense Collaborative PREVENT HOMELESSNESS PRESERVE AFFORDABLE HOUSING PROTECT SAN

Eviction Defense Collaborative PREVENT HOMELESSNESS PRESERVE AFFORDABLE HOUSING PROTECT SAN FRANCISCOS DIVERSITY Eviction Defense Collaborative The Eviction Defense Collaborative is the principal organization in San Francisco helping

486 views • 12 slides
FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large Scale Solar Lead April 2017 CONTENTS 1. Introduction to CEFC 2. Investment trends 3. The future of large scale solar 4. Pathway to sustainable

664 views • 21 slides
INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO ENVIRONMENTAL CONFLICT RESOLUTION America Speaks presentation to the 2008 ECR Conference Table Introductions Please form groups of 4-5 and give: Your name

848 views • 41 slides
Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008

Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008

Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008 WenChuan Earthquake Zhang Huafeng and Jon Pedersen International Blaise Users Conference (IBUC) Baltimore, USA , 1 Introduction Two household

711 views • 22 slides
Peer-to-peer Architecture for Collaborative Intrusion and Malware Detection on a Large Scale

Peer-to-peer Architecture for Collaborative Intrusion and Malware Detection on a Large Scale

UNIVERSITY OF MODENA AND REGGIO EMILIA Peer-to-peer Architecture for Collaborative Intrusion and Malware Detection on a Large Scale Mirco Marchetti, Michele Messori and Michele Colajanni WebLab, University of Modena and Reggio Emilia, Italy

297 views • 19 slides
Investor Highlights // DECEMBER 2019 Enable Midstream Overview Large-scale, fully-integrated

Investor Highlights // DECEMBER 2019 Enable Midstream Overview Large-scale, fully-integrated

Investor Highlights // DECEMBER 2019 Enable Midstream Overview Large-scale, fully-integrated midstream platform Critical link between growing production and downstream markets Long-term relationships with large-cap producers, LDCs

415 views • 7 slides
Investor Highlights // AUGUST 2019 Enable Midstream Overview Large scale, fully integrated

Investor Highlights // AUGUST 2019 Enable Midstream Overview Large scale, fully integrated

Investor Highlights // AUGUST 2019 Enable Midstream Overview Large scale, fully integrated midstream platform Critical link between growing production and downstream markets Long-term relationships with large-cap producers, LDCs and

80 views • 7 slides
Investor Highlights // MARCH 2020 Enable Midstream Overview Large-scale, fully-integrated

Investor Highlights // MARCH 2020 Enable Midstream Overview Large-scale, fully-integrated

Investor Highlights // MARCH 2020 Enable Midstream Overview Large-scale, fully-integrated midstream platform Critical link between growing production and downstream markets Long-term relationships with large-cap producers, LDCs and

81 views • 7 slides
Large-scale EXecution for Industry & Society www.lexis-project.eu HPC, BIG DATA, IOT AND AI

Large-scale EXecution for Industry & Society www.lexis-project.eu HPC, BIG DATA, IOT AND AI

Co-funded by the Horizon 2020 Framework Programme of the European Union Grant Agreement Number 825532 Large-scale EXecution for Industry & Society www.lexis-project.eu HPC, BIG DATA, IOT AND AI FUTURE INDUSTRY-DRIVEN COLLABORATIVE

594 views • 7 slides
Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is graphene? Graphene is a truly 2D system made of Carbon atoms arranged in an honeycomb hexagonal lattice Zero-gap semiconductor with a low-energy linear

268 views • 6 slides
Random Methods for Large-Scale Linear Problems, Variational Inequalities, and Convex Optimization

Random Methods for Large-Scale Linear Problems, Variational Inequalities, and Convex Optimization

Random Methods for Large-Scale Linear Problems, Variational Inequalities, and Convex Optimization Doctoral Thesis Defense Mengdi Wang Laboratory for Information and Decision Systems (LIDS) Massachusetts Institute of Technology April 1st, 2013

512 views • 38 slides
Making Resolutions Count Julie Lalo, NWF Director of Affiliate Partnerships Doug Inkley, NWF

Making Resolutions Count Julie Lalo, NWF Director of Affiliate Partnerships Doug Inkley, NWF

National Wildlife Federation Making Resolutions Count Julie Lalo, NWF Director of Affiliate Partnerships Doug Inkley, NWF Senior Scientist Joe Wilkinson, Board Member, Iowa Wildlife Federation Joshua Saks, NWF Legislative Director January 14,

666 views • 11 slides
More information @ https://www.redhat.com/en/technologies/storage

More information @ https://www.redhat.com/en/technologies/storage

More information @ https://www.redhat.com/en/technologies/storage

630 views • 30 slides
2016 AJAS Annual Conference Development MASTERCLASS Monday, April 4, 2016 Photo by W Mustafeez -

2016 AJAS Annual Conference Development MASTERCLASS Monday, April 4, 2016 Photo by W Mustafeez -

2016 AJAS Annual Conference Development MASTERCLASS Monday, April 4, 2016 Photo by W Mustafeez - Creative Commons Attribution License https://www.flickr.com/photos/21663856@N08 Created with Haiku Deck Photo by BOBXNC - Creative Commons

359 views • 20 slides
G e t t i n g S e r i o u s A b o u t t h e D e v e l o p e r E x

G e t t i n g S e r i o u s A b o u t t h e D e v e l o p e r E x

G e t t i n g S e r i o u s A b o u t t h e D e v e l o p e r E x p e r i e n c e T r a v i s R e i t t e r F O S D E M 2 0 1 3 D e v e l o p e r E x p e r i e n c

921 views • 33 slides
Malware, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed,

Malware, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed,

Malware, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 18, 2013 Large-Scale Malware Worm = code

734 views • 39 slides
author profiling shared task on: Bots and gender profiling Francisco Rangel & Paolo Rosso

author profiling shared task on: Bots and gender profiling Francisco Rangel & Paolo Rosso

Overview of the 7 th author profiling shared task on: Bots and gender profiling Francisco Rangel & Paolo Rosso 10th September 2019 Bots: propaganda, fake news, inflammatory content Bots may influence users with comercial, political or

512 views • 35 slides
ELEC / COMP 177 Fall 2011 Some slides from Kurose

ELEC / COMP 177 Fall 2011 Some slides from Kurose

ELEC / COMP 177 Fall 2011 Some slides from Kurose and Ross, Computer Networking , 5 th Edition Some slides from CS244a @ Stanford Homework

1.15k views • 56 slides
Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What

Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What

#RSAC SESSION ID: SESSION ID: HTA-W10 Mirai and IoT Botnet Analysis Robert Graham http://blog.erratasec.com @ErrataRob #RSAC What this talk will cover? Brief overview of Mirai The cameras themselves Step by step from infection to attacks

962 views • 63 slides

More recommend