Exploiting Network Structure for Proactive Spam Mitigation (presentation slides)

  1. Exploiting Network Structure for Proactive Spam Mitigation
     Shobha Venkataraman, Subhabrata Sen, Oliver Spatscheck, Patrick Haffner, Dawn Song
     Portcullis: Protecting Connection Setup from Denial-of-Capability Attacks
     Bryan Parno, Dan Wendlandt, Elaine Shi, Adrian Perrig, Bruce Maggs, Yih-Chun Hu
     Presented by: Jason Croft, cs598pbg, Fall 2010

  2. Outline
      Spam
         Network-Level Properties
         Historical Nature of IP Addresses
            Characteristics
            Network-Aware Clusters
         Exploiting Properties
      Denial-of-Service Attacks
         DoS-Limiting Architectures/Techniques
         Capabilities
         Puzzles
         Portcullis Architecture
         Applications

  3. Exploiting Network Structure for Proactive Spam Mitigation
     Shobha Venkataraman, Subhabrata Sen, Oliver Spatscheck, Patrick Haffner, Dawn Song
     USENIX Security '07
     October 14, 2010 3

  4. Properties of Spam
      Ramachandran and Feamster studied 17 months of spam
      Compared the spam to BGP route advertisements
      Results:
         Only a few IP address spaces contribute a majority of spam
         Most spam is sent by Windows hosts, each sending a small amount
         Spammers use short-lived route announcements to remain untraceable
     Ramachandran and Feamster, “Understanding the Network-Level Behavior of Spammers”, SIGCOMM '06

  5. Properties of Spam
      80.* to 90.* address space: majority spam
      60.* to 70.* address space: majority legitimate
      IPs are transient: 85% sent fewer than 10 emails
     Ramachandran and Feamster, “Understanding the Network-Level Behavior of Spammers”, SIGCOMM '06

  6. Properties of Spam
      More than 10% of spam originated from 2 ASes
      36% originated from 20 ASes
      40% of the spam from the top 20 ASes was from the US
     Ramachandran and Feamster, “Understanding the Network-Level Behavior of Spammers”, SIGCOMM '06

  7. Properties of Spam (II)
      Venkataraman et al.: can we predict the legitimacy of mail from the historical behavior of the sending IP addresses?
      Collected traces from a large company's mail server
         700 mailboxes
         166 days (1/2006 – 6/2006)
         All attempted SMTP connections (IP address, time stamp)
      Assume the mail servers are under some load and run content filtering (SpamAssassin)

  8. Properties of Spam (II)
      Result: 20x more spam than legitimate mail
         1.4 million legitimate vs. 27 million spam

  9. Server under Load
      Server can process 100 emails per second, crashes at 200
     [Diagram: per-source connection counts arriving at the server; 20% load]

  10. Server under Load
      Server can process 100 emails per second, crashes at 200
     [Diagram: per-source connection counts arriving at the server; 100% load]

  11. Server under Load
      Server can process 100 emails per second, crashes at 200
     [Diagram: per-source connection counts arriving at the server; 199% load]

  12. Definitions
      Spam-ratio: fraction of the mail sent by an IP address that is spam
         Lower means more legitimate mail
      k-good: the lifetime spam-ratio of an IP address is at most k
      k-good set: the set of IP addresses whose lifetime spam-ratios are at most k

  13. Analysis
      Distribution by IP spam-ratio
         What fraction of legitimate mail or spam is contributed by IP addresses with different spam-ratios?
      Persistence
         How long does an IP address contribute a major proportion of total legitimate mail?
      Temporal spam-ratio instability
         How much fluctuation is there in an IP's spam-ratio?

  14. Distribution by IP Spam-Ratio
      Less than 1-2% of IPs have spam-ratios between 1% and 99%
      90% of IPs on a given day have spam-ratios between 99% and 100%
      99% of spam on a given day comes from IPs with a high spam-ratio (> 95%)

  15. Persistence
      IPs with low lifetime spam-ratios contribute a major proportion of total legitimate mail
      The longer an IP address lasts, the more stable its contribution to legitimate mail
      IPs with high spam-ratios are present for only a short time

  16. Temporal Spam-Ratio Stability
      Frequency-fraction excess: how often an IP (in a k-good set) exceeds spam-ratio k on a given day
      The majority of IP addresses in each k-good set have a frequency-fraction excess of 0
      95% of IPs have a frequency-fraction excess of at most 0.1

  17. Summary
      Good mail servers mostly send legitimate mail and persist for long periods of time
      IPs tend to exhibit stable behavior
      The bulk of mail comes from IP addresses that mostly send spam

  18. Exploiting Findings
      How can these findings be used to prioritize incoming connections?
      Individual IPs alone don't help much
      Better: can the reputation of an unseen IP be derived from an aggregation of IPs to which it belongs?

  19. Network-Aware Clusters
      Set of unique network IP prefixes collected from a set of BGP routing table snapshots
      Analyze:
         Granularity: is a cluster's mail mostly spam or mostly legitimate?
         Persistence: do individual clusters appear over long periods of time?

  20. Results
      Similar to individual IP addresses
      Clusters are at least as temporally stable as individual IP addresses
      The distribution of clusters by daily cluster spam-ratio is similar to the distribution of IP addresses by IP spam-ratio
      Clusters present for long periods with a high cluster spam-ratio contribute a large fraction of spam

  21. Exploiting Findings (II)
      Mail server under load
      Only for prioritizing connections by IP; not a replacement for, or comparable to, content-based filtering
      To selectively accept connections so as to maximize acceptance of legitimate mail:
         History-based reputation function R(i)
         Maximize the sum of R(i) over the accepted connections
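As an added worked example (not the paper's code), the definitions from slides 12 and 16 and the load-time prioritization of slide 21 applied to a constructed SMTP log: lifetime and daily spam-ratios, the k-good set, frequency-fraction excess, and admission of pending connections ranked by a history-based reputation. The form R(i) = 1 - lifetime spam-ratio and the /24 cluster used for unseen IPs are assumptions standing in for the paper's own choices (it uses BGP-prefix clusters).

```python
from collections import defaultdict
from ipaddress import ip_network

# Added example, not the paper's code. Constructed SMTP log rows: (day, source IP, spam?);
# the spam label stands for the verdict of the content filter the slides assume (SpamAssassin).
LOG = [(1, "192.0.2.10", False), (1, "192.0.2.10", False), (2, "192.0.2.10", True),
       (3, "192.0.2.10", False), (3, "192.0.2.10", False), (1, "198.51.100.7", True),
       (1, "198.51.100.7", True), (2, "198.51.100.7", True), (1, "203.0.113.5", True),
       (2, "203.0.113.5", False), (3, "203.0.113.5", True), (3, "203.0.113.5", True)]

def spam_ratios(log, by_day=False):
    """Spam-ratio (fraction of an IP's mail that is spam): lifetime per IP, or per (IP, day)."""
    sent, spam = defaultdict(int), defaultdict(int)
    for day, ip, is_spam in log:
        key = (ip, day) if by_day else ip
        sent[key] += 1
        spam[key] += is_spam
    return {key: spam[key] / sent[key] for key in sent}

def k_good_set(log, k):
    """Slide 12: IPs whose lifetime spam-ratio is at most k."""
    return {ip for ip, ratio in spam_ratios(log).items() if ratio <= k}

def frequency_fraction_excess(log, k):
    """Slide 16: per k-good IP, fraction of its active days whose daily spam-ratio exceeded k."""
    daily = spam_ratios(log, by_day=True)
    excess = {}
    for ip in k_good_set(log, k):
        days = [ratio for (i, _), ratio in daily.items() if i == ip]
        excess[ip] = sum(ratio > k for ratio in days) / len(days)
    return excess

def cluster(ip):
    """Aggregate an unseen IP is judged by; a /24 stands in for the paper's BGP-prefix clusters."""
    return str(ip_network(f"{ip}/24", strict=False))

def reputation(log):
    """Assumed form of R(i): 1 - lifetime spam-ratio, computed for IPs and for their clusters."""
    rep = {ip: 1 - ratio for ip, ratio in spam_ratios(log).items()}
    sent, spam = defaultdict(int), defaultdict(int)
    for _, ip, is_spam in log:
        sent[cluster(ip)] += 1
        spam[cluster(ip)] += is_spam
    rep.update({c: 1 - spam[c] / sent[c] for c in sent})
    return rep

def accept_under_load(log, pending, capacity, default=0.05):
    """Slide 21: admit the `capacity` pending connections with the highest R(i); unseen IPs
    inherit their cluster's reputation, else a low default."""
    rep = reputation(log)
    ranked = sorted(pending, key=lambda ip: rep.get(ip, rep.get(cluster(ip), default)), reverse=True)
    return ranked[:capacity]
```

With the log above, 192.0.2.10 is the only 0.25-good IP, and a never-seen 192.0.2.99 is admitted ahead of the known spam sources because its /24 has a good history.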

  22. Portcullis: Protecting Connection Setup from Denial-of-Capability Attacks
     Bryan Parno, Dan Wendlandt, Elaine Shi, Adrian Perrig, Bruce Maggs, Yih-Chun Hu
     SIGCOMM '07

  23. Denial-of-Service Attack
      Problem:
         The victim of a DDoS attack can identify legitimate flows but cannot give those flows priority
         Routers can prioritize traffic but cannot easily identify legitimate traffic (without input from the receiver)

  24. Network Capability
      The owner of a limited resource should have control over its usage
      Idea: request to send
         Source sends a capability request packet to the destination
         Routers on the path add cryptographic markings to the packet header
         When the request arrives, the accumulated markings represent the capability
         The capability is added to subsequent packets to receive priority service
         Flows are prioritized based on the capability
      What about DoS on the capability request channel?
     Anderson, Roscoe, Wetherall, “Preventing Internet Denial-of-Service with Capabilities”, HotNets II (2003)

  25. DoS-Limiting Architectures: TVA
      Traffic Validation Architecture (TVA): capabilities with tags/identifiers
      Trust boundaries at the AS edge
      Tag with a small, unique value
      The tag is an identifier for the path
      Fair-queue requests by the most recent tag
     Yang, Wetherall, Anderson, “A DoS-limiting Network Architecture”, SIGCOMM '05

  26. DoS-Limiting Architectures: TVA
      Using identifiers to prioritize traffic is inadequate for a large, diverse Internet
         Can't trust all routers
         Spoofable
         Large variation in the number of users represented by a single identifier/IP (e.g., NAT)
      Legitimate traffic mixes with attack traffic at each AS hop
         Traffic becomes indistinguishable to TVA's priority mechanism
         TVA's original analysis used a simple topology with a single hop and no mixing
     Yang, Wetherall, Anderson, “A DoS-limiting Network Architecture”, SIGCOMM '05

  27. DoS-Limiting Architectures: Speak-Up
      Bandwidth as “currency”
         Bandwidth available to users can vary greatly (up to 1500x)
      Assumes the network is uncongested
      Focuses on application-layer DDoS attacks
         Protects only end-host resources
         What about protection for network links?
         What about the effect on other hosts?
      Performance (time to establish a capability) declines as the number of attacks increases
         Attackers have more bandwidth relative to legitimate users
     Walfish, Vutukuru, Balakrishnan, Karger, Shenker, “DDoS Defense by Offense”, SIGCOMM '06

  28. DoS-Limiting Techniques
      Source address filtering
         Ingress filtering needs a high degree of deployment
         Spoofing among addresses sharing the same prefix
      Pushback: dynamic traffic filters
         A node tries to characterize the types of packets causing a flood and sends requests closer to the source to rate-limit them
         Difficult at line rate
         Vulnerable to spoofing and end-to-end encryption
      Overlay filtering: reroute traffic to an intermediate node that adds a secret to the header; downstream routers ignore packets without the secret
         Vulnerable to attack if the secret is discovered
     Anderson, Roscoe, Wetherall, “Preventing Internet Denial-of-Service with Capabilities”, HotNets II (2003)

  29. Portcullis
      Uses capabilities to prevent DoS
      Adds puzzles (computational proof of work) to enforce fair sharing of the request channel, protecting against denial-of-capability (DoC)
      Bounds the delay an adversary can impose on a legitimate sender's capability establishment
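An added illustration (not code from the Portcullis paper) of the puzzle idea on slide 29: a requester attaches a hash-based proof of work to its capability request, and a router schedules the request channel by puzzle level, so a flood of zero-work requests cannot crowd out a sender that did the work. The puzzle layout, the per-interval seed and the flow ids are simplified assumptions, not the paper's construction.

```python
import hashlib

# Added example, not the Portcullis paper's construction: the puzzle format,
# the per-interval SEED and the flow ids below are simplified assumptions.
SEED = b"constructed-interval-seed"   # in practice refreshed every interval
DIGEST_BITS = 256

def puzzle_solved(seed: bytes, flow_id: bytes, level: int, nonce: int) -> bool:
    """A level-l puzzle is solved when SHA-256(seed||flow||l||nonce) starts with l zero bits."""
    material = seed + flow_id + level.to_bytes(2, "big") + nonce.to_bytes(8, "big")
    value = int.from_bytes(hashlib.sha256(material).digest(), "big")
    return value >> (DIGEST_BITS - level) == 0

def solve_puzzle(seed: bytes, flow_id: bytes, level: int) -> int:
    """Sender side: brute-force the smallest valid nonce; expected cost doubles per level."""
    nonce = 0
    while not puzzle_solved(seed, flow_id, level, nonce):
        nonce += 1
    return nonce

def schedule_requests(seed: bytes, requests, capacity: int):
    """Router side for one interval. `requests` are (flow_id, level, nonce) tuples.
    Invalid solutions are dropped; the rest are served highest level first, so a
    share of the request channel has to be bought with work, not with volume."""
    valid = [(level, flow_id) for flow_id, level, nonce in requests
             if puzzle_solved(seed, flow_id, level, nonce)]
    valid.sort(key=lambda r: r[0], reverse=True)
    return [flow_id for _, flow_id in valid[:capacity]]

def demo():
    """Constructed interval: one legitimate sender solves a level-12 puzzle, ten
    attackers send zero-work requests, and one forges a high level without work."""
    nonce = solve_puzzle(SEED, b"flow:client-A", 12)
    requests = [(b"flow:attacker-%d" % i, 0, 0) for i in range(10)]
    requests.append((b"flow:forger", 128, 0))   # claims level 128, never solved it
    requests.append((b"flow:client-A", 12, nonce))
    return schedule_requests(SEED, requests, capacity=2)

if __name__ == "__main__":
    print(demo())
```

With channel capacity 2, the legitimate sender is served first and the forged request is discarded at verification; the attackers' zero-work requests only compete among themselves for what is left.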
