ddos defense by defense by ddos offense offense
play

DDoS Defense by Defense by DDoS Offense Offense Published in ACM - PDF document

Jun 03, 2023 •359 likes •458 views

DDoS Defense by Defense by DDoS Offense Offense Published in ACM SIGCOMM06 Presented By: Marwa K. Elteir Outline Outline Problem definition Problem definition Related Work Related Work Speak Speak- -up up Model Model

  1. DDoS Defense by Defense by DDoS Offense Offense Published in ACM SIGCOMM’06 Presented By: Marwa K. Elteir Outline Outline Problem definition Problem definition Related Work Related Work Speak Speak- -up up � Model Model � � How far it is applicable? How far it is applicable? � � Model constraints Model constraints � Thinner Thinner � Random drops and Aggressive reties Random drops and Aggressive reties � � Explicit payment channel Explicit payment channel � Handling heterogeneous requests Handling heterogeneous requests Performance evaluation Performance evaluation 1

  2. Problem Definition Problem Definition DDoS : Application level Distributed Denial : Application level Distributed Denial DDoS of Services. of Services. computer criminals mimic legitimate client behaviour by sending proper- looking requests via compromised and commandeered hosts The attacker forces the victim server to spend much of its resources on spurious requests Related Work Related Work Over-provision massively. � Purchase enough computational resources to serve attackers and good clients. � - Web sites try to conserve computation by detecting and denying access to bots Detect and block. � Distinguish between good and bad clients like profiling techniques. � - They cannot easily handle heterogeneous requests Charge all clients in a currency. � Gives a client service only after it pays in some currency. � + There is no need to discriminate between good and bad clients � + A client to pay more for hard requests � - Good users must in aggregate have more of the currency than the attackers. 2

  3. Speak up Speak up An attacked server, B + g > c , (a) without speak-up (b) with speak-up. Speak up Speak up How much aggregate bandwidth does the legitimate clientele need for speak-up to leave them unharmed by an attack? Today’s botnets are less than 100,000 hosts average bot has roughly 100 Kbits/s of bandwidth – 500 Mbits/s assuming half bandwidth is used The average good client also has 100 Kbits/s of bandwidth. For spare capacity is 90%, speakup can fully defend the server against a 10,000-host if the good clients number is 1,000 n * 100 kbits/s = 1/9 (10,000 * 100 kbits/s) n =1,000 3

  4. Speak up Speak up How much aggregate bandwidth does the legitimate clientele need for speak-up to leave them unharmed by an attack? Assume that the number of served good clients Assume that the number of served good clients are proportional to their aggregate bandwidth. are proportional to their aggregate bandwidth. For a server with spare capacity 90%, the legitimate clientele needs only 1/9th of the aggregate bandwidth of the attacking clients Thinner Thinner Random Drops and Aggressive Retries Proportional allocation: by dropping requests at random to reduce the rate to c . Encouragement: for each request that it drops, immediately asks the client to retry. Please retry again now signal Problem : A good client sends only one packet per round-trip time (RTT). the clients send repeated retries in a congestion- controlled stream. 4

  5. Thinner Thinner Explicit payment channel Asks clients to pad their requests with dummy bytes. When the server is overloaded, the thinner asks a requesting client to open a separate payment channel . Contending client :The client then sends a congestion controlled stream of bytes on this channel. When the thinner receives such a notification from the server that it is ready, it holds a virtual auction : serve the client and terminate the channel Handling heterogeneous requests Handling heterogeneous requests Thinner breaks time into quanta. Each request is composed of equal-sized chunks. Thinner holds a virtual auction for each quantum. If a client’s request is made of x chunks, the client must win x auctions for its request to be fully served. 5

  6. Handling heterogeneous requests Handling heterogeneous requests Rather than terminate the payment channel once the client’s request is admitted: Performance Evaluation Performance Evaluation Validating the thinner allocation Validating the thinner allocation 6

  7. Performance Evaluation Performance Evaluation Validating the thinner allocation Validating the thinner allocation Performance Evaluation Performance Evaluation Latency Latency 7

  8. Performance Evaluation Performance Evaluation Byte cost Byte cost Performance Evaluation Performance Evaluation Heterogeneous network conditions (client Heterogeneous network conditions (client bandwidth) bandwidth) 8

  9. Performance Evaluation Performance Evaluation Heterogeneous network conditions (client Heterogeneous network conditions (client RTT) RTT) Thank you Thank you 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Is It Time To Play Offense or Defense with Defense Stocks? September 16, 2006 American

Is It Time To Play Offense or Defense with Defense Stocks? September 16, 2006 American

Is It Time To Play Offense or Defense with Defense Stocks? September 16, 2006 American Association of Individual Investors (DC Chapter) Kevin P. DeSanto, Vice President Houlihan Lokey Investment Banking Services Aerospace Defense

1.43k views • 79 slides
Yongdae Kim KAIST Offense vs. Defense q Know your enemy. Sun Tzu q "the only real

Yongdae Kim KAIST Offense vs. Defense q Know your enemy. Sun Tzu q "the only real

EE515/IS523 Think Like an Adversary Lecture 1 Introduction Yongdae Kim KAIST Offense vs. Defense q Know your enemy. Sun Tzu q "the only real defense is active defense - Mao Zedong q security involves thinking like an

732 views • 51 slides
Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent the access to a computer system to it's legitimate users. DDoS: DoS attack on the network using a lot of different source IP Why:

327 views • 16 slides
US Army War College Fellowship Cyber Defense/Offense Dr. Bill Young Department of Computer

US Army War College Fellowship Cyber Defense/Offense Dr. Bill Young Department of Computer

US Army War College Fellowship Cyber Defense/Offense Dr. Bill Young Department of Computer Science University of Texas at Austin Last updated: February 27, 2013 at 11:16 Dr. Bill Young: 1 Cyber Defense/Offense Some Sources Jeffrey Carr,

936 views • 60 slides
The BIPA Blitz Get Your Offense Ready So You are Not on Defense 11/19/2019 The BIPA Blitz Get

The BIPA Blitz Get Your Offense Ready So You are Not on Defense 11/19/2019 The BIPA Blitz Get

The BIPA Blitz Get Your Offense Ready So You are Not on Defense 11/19/2019 The BIPA Blitz Get Your Offense Ready So You are Not on Defense Your presenters Jim Shreve Susan Lorenc slorenc@thompsoncoburn.com jshreve@thompsoncoburn.com

357 views • 12 slides
A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter

A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter

A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter Reiher Manu Shantharam & David Hadka What is DoS? DoS A type of attack wherein access to computer resource / service is denied or

380 views • 18 slides
DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek

DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek

DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek Supervisor: Stavros Konstantaras (AMS-IX) SNE: Research Project II 03-07-2018 Introduction D istributed D enial o f S ervice DDoS attacks on banks in

720 views • 33 slides
READ AND REACT OFFENSE WHAT ITS NOT Not motion offense Motion offense is good if you

READ AND REACT OFFENSE WHAT ITS NOT Not motion offense Motion offense is good if you

READ AND REACT OFFENSE WHAT ITS NOT Not motion offense Motion offense is good if you have 5 intelligent great multi-dimensional players Most offenses are predicated on a certain type of player. Its also not an offense set

1.2k views • 87 slides
Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense

Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense

Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense Prevention DOS/DDoS Types Vulnerability attack Flooding attack DoS vs DDoS DoS: Attack is launched from single host Less

614 views • 26 slides
DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks DDoS Prevention Improving Performance Questions Glossary DDoS - Attempt to make a server or network resource unavailable to Internet

549 views • 30 slides
SOMETIMES A GOOD DEFENSE IS THE BEST OFFENSE: A Summary of Certain Useful Product Liability

SOMETIMES A GOOD DEFENSE IS THE BEST OFFENSE: A Summary of Certain Useful Product Liability

13 SOMETIMES A GOOD DEFENSE IS THE BEST OFFENSE: A Summary of Certain Useful Product Liability Affirmative Defenses b y J a s o n K e e h f u s a n d E m i l y B a k e r 12 that a fundamental requirement of strict liability theory is

226 views • 4 slides
THE BEST OFFENSE IS A GOOD DEFENSE Every soldier in the world wears a bulletproof vest; it is

THE BEST OFFENSE IS A GOOD DEFENSE Every soldier in the world wears a bulletproof vest; it is

THE BEST OFFENSE IS A GOOD DEFENSE Every soldier in the world wears a bulletproof vest; it is practically the main defensive gear for anyone who uses a firearm, for those working in security agencies, in companies specialized in the

433 views • 21 slides
Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster synergy among stakeholders to promote advancement in DDoS defense knowledge. Independent academic R&D division of Nexusguard building next

764 views • 44 slides
How to Play the Best Offense and Defense When it Comes to Trade Secret Protection: A

How to Play the Best Offense and Defense When it Comes to Trade Secret Protection: A

How to Play the Best Offense and Defense When it Comes to Trade Secret Protection: A Comprehensive Guide from Recruitment to Separation Allison Bowers | allison@hutchesonbowers.com | 512.777.4449 @hutchesonbowers

520 views • 23 slides
Practical Verifiable In-network Filtering for DDoS Defense Deli Gong, Muoi Tran , Shweta Shinde,

Practical Verifiable In-network Filtering for DDoS Defense Deli Gong, Muoi Tran , Shweta Shinde,

Practical Verifiable In-network Filtering for DDoS Defense Deli Gong, Muoi Tran , Shweta Shinde, Hao Jin, Vyas Sekar, Prateek Saxena, Min Suk Kang July 8, 2019 | Dallas, TX Large-scale volumetric DDoS attacks are common (distributed denial of

569 views • 29 slides
Optical-Aware DDoS Defense Matt Hall, Ramakrishnan Durairajan, Guyue (Grace) Liu, Vyas Sekar

Optical-Aware DDoS Defense Matt Hall, Ramakrishnan Durairajan, Guyue (Grace) Liu, Vyas Sekar

Optical-Aware DDoS Defense Matt Hall, Ramakrishnan Durairajan, Guyue (Grace) Liu, Vyas Sekar DDoS Attacks A persistent threat on the global Internet Working from home new online tools for collaboration New tools new attack

405 views • 9 slides
On Causal Analysis for Heterogeneous Networks Katerina Marazopoulou, David Arbour, David Jensen

On Causal Analysis for Heterogeneous Networks Katerina Marazopoulou, David Arbour, David Jensen

University of Massachusetts Amherst College of Information and Computer Sciences On Causal Analysis for Heterogeneous Networks Katerina Marazopoulou, David Arbour, David Jensen KDD Workshop on Causal Discovery August 2017 Causal inference in

690 views • 34 slides
Call Completion Probability in Heterogeneous Networks with Energy Harvesting Base Stations Craig

Call Completion Probability in Heterogeneous Networks with Energy Harvesting Base Stations Craig

Call Completion Probability in Heterogeneous Networks with Energy Harvesting Base Stations Craig Wang, Salman Durrani , Jing Guo and Xiangyun (Sean) Zhou Research School of Engineering, The Australian National University, Canberra, ACT 2601,

677 views • 42 slides
A Kernel-Based Approach to Exploiting Interaction-Networks in Heterogeneous Information Sources

A Kernel-Based Approach to Exploiting Interaction-Networks in Heterogeneous Information Sources

A Kernel-Based Approach to Exploiting Interaction-Networks in Heterogeneous Information Sources for Improved Recommender Systems Oluwasanmi (Sanmi) Koyejo Joydeep Ghosh ECE Dept., University of Texas at Austin HetRec 11, October 27, 2011,

574 views • 43 slides
Design and Evaluation of a Virtual Experimental Environment for Distributed Systems L. Sarzyniec,

Design and Evaluation of a Virtual Experimental Environment for Distributed Systems L. Sarzyniec,

. . Design and Evaluation of a Virtual Experimental Environment for Distributed Systems L. Sarzyniec, T. Buchert, E. Jeanvoine, L. Nussbaum . . 27/02/2013 PDP 2013, Belfast L. Sarzyniec, T. Buchert, E. Jeanvoine, L. Nussbaum Distem -

795 views • 27 slides
Performance Enhancement of Extended AFDX via Bandwidth Reservation for TSN/BLS Shapers Ana s

Performance Enhancement of Extended AFDX via Bandwidth Reservation for TSN/BLS Shapers Ana s

Performance Enhancement of Extended AFDX via Bandwidth Reservation for TSN/BLS Shapers Ana s Finzi, Ahlem Mifdaoui et al. July 3, 2018, RTN18 1/27 Context and Objectives System Model Bandwidth Reservation Methods Performance

885 views • 70 slides
Hyperscale FPGAs for HPC and Cloud Christoph Hagleitner, hle@zurich.ibm.com IBM Research -

Hyperscale FPGAs for HPC and Cloud Christoph Hagleitner, hle@zurich.ibm.com IBM Research -

SC 2016 Salt-Lake City, USA November 14, 2016 Hyperscale FPGAs for HPC and Cloud Christoph Hagleitner, hle@zurich.ibm.com IBM Research - Zurich Lab IBM Research Zurich Lab (ZRL) Established in 1956 Two Nobel Prizes (1986 and 1987)

201 views • 17 slides
Demo Abstract: Real-time Heterogeneous Edge Computing System for Social Sensing Applications Yue

Demo Abstract: Real-time Heterogeneous Edge Computing System for Social Sensing Applications Yue

Demo Abstract: Real-time Heterogeneous Edge Computing System for Social Sensing Applications Yue Zhang, Nathan Vance, and Dong Wang Department of Computer Science and Engineering University of Notre Dame IEEE RTAS 2018, Porto, Portugal 1

494 views • 6 slides
APPLICATIONS OF MINING HETEROGENEOUS INFORMATION NETWORKS Yizhou Sun College of Computer and

APPLICATIONS OF MINING HETEROGENEOUS INFORMATION NETWORKS Yizhou Sun College of Computer and

APPLICATIONS OF MINING HETEROGENEOUS INFORMATION NETWORKS Yizhou Sun College of Computer and Information Science Northeastern University yzsun@ccs.neu.edu July 25, 2015 Heterogeneous Information Networks Multiple object types and/or

1.23k views • 64 slides

More recommend