Large-scale Evaluation of Distributed Attack Detection (PowerPoint presentation, slide text)

  1. Large-scale Evaluation of Distributed Attack Detection
  Thomas Gamer, Christoph P. Mayer
  Institut für Telematik, Universität Karlsruhe (TH), Germany

  2. Why Attack Detection still is important
  - Distributed Denial-of-Service problem persists
    - Attack bandwidth exceeded 40 Gbit/s in 2008
    - Threatens not only servers, but provider infrastructure, too
  - Detection and mitigation still hard to achieve
    - Even harder in the core network
  - But DDoS is just one example: spam, botnets, worm propagations, …
  "Our ability to effectively defend the network and its connected hosts continues to be, on the whole, ineffectual" (Geoff Huston, IPJ, 2008)
  - Lots of approaches exist in attack detection, but … how to evaluate them? How to compare them with each other?
  Thomas Gamer, Large-scale Evaluation of Distributed Attack Detection, OMNeT++ Workshop 2009, March 6th, Institut für Telematik, Universität Karlsruhe (TH), www.tm.uka.de

  3. Preconditions and Requirements
  How to evaluate (distributed) detection of large-scale attacks?
  - Internet or real networks, respectively
    - Normal operation must not be affected by the evaluation
    - Isolation impossible
  - Testbed
    - Large testbeds are expensive
    - Administration and maintenance complex and time-consuming
  - Simulation
    - Controllable environment ensures a repeatable and comparable setup
  -> Simulation toolchain for the large-scale evaluation of distributed attack detection
  Toolchain requirements
  - Simplicity and easy usability
  - Realistic simulation environments
  - Transparent deployment of attack detection in real systems
  - Tools should be well-concerted

  4. The Big Picture
  Components of the simulation toolchain
  - OMNeT++
  - INET Framework (1): extends OMNeT++ by Internet-specific protocols
  - ReaSE (2): adds special entities like clients, servers, or DDoS zombies
  - Distack Framework
    - (3) Loaded as shared library by OMNeT++
    - (4) Distributed attack detection is achieved based on INET protocols
    - (5) Integration of Distack as special entity DistackOmnetIDS
  [Figure: layered diagram of ReaSE, Distack Framework and INET Framework on top of the OMNeT++ Simulator; the numbers 1-5 in the diagram refer to the points above]

  5. ReaSE – Overview
  - Generation of a realistic simulation environment
    - Short paper [1] on basic principles last year
  - Graphical user interface
    - Ensures simplicity and usability
    - Hides the actual implementations
  - Open source release (July 2008)
    - Currently supports only OMNeT++ v3
    - Release of ReaSE for OMNeT++ v4 scheduled for next week
  [1] Thomas Gamer, Michael Scharf, Realistic Simulation Environments for IP-based Networks, OMNeT++ Workshop, Mar 2008.

  6. ReaSE – Topology
  - Create a network topology: NED file containing Routers and StandardHosts
  [Figure: hierarchical topology with transit ASes (transitAS1, transitAS2) and stub ASes (stubAS1, stubAS2, stubAS3); legend: host systems, edge routers, gateway routers, core routers]

  7. ReaSE – Topology
  - Create a network topology: NED file containing Routers and StandardHosts
  - Add special entities for generation of background traffic: InetUserHost, WebServer, StreamingServer, …
  - Define traffic profiles
    - Randomly selected by the special entities during simulation
    - Aggregated traffic shows self-similar behavior

  8. ReaSE – Background Traffic
  Aggregated traffic shows self-similar behavior
  - Exemplary topology: about 50000 nodes in total, divided into 20 Autonomous Systems
  - Calculation of the Hurst parameter on every router, based on the method of m-aggregated variances

  Hurst parameters of all routers (# = number of routers of that type; scaling factor = length of the aggregation interval)

  Router type   #     Scaling factor   Average   Standard deviation
  Edge          873   100 ms           0.6226    0.0352
  Edge          873   1 s              0.6395    0.0645
  Gateway       55    100 ms           0.6771    0.0461
  Gateway       55    1 s              0.7234    0.0701
  Core          14    100 ms           0.8220    0.0599
  Core          14    1 s              0.8927    0.0525

  - Topologies with 1k, 5k, 10k, and 100k nodes also show self-similarity
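The slide states the result but not the estimator. The following is an added example (not ReaSE code and not the authors' measurement script) of the aggregated-variance method used to obtain the Hurst parameters above: the per-interval traffic counts of a router are averaged over non-overlapping blocks of m samples, and for a self-similar process Var[X^(m)] scales as m^(2H-2), so the slope of log Var[X^(m)] against log m gives H. Because no router trace from the page is available, the input series are constructed here: independent noise (H near 0.5) and a heavy-tailed ON/OFF superposition, the classic model that yields self-similar aggregate traffic. The function and parameter names are the example's own.

```python
"""Hurst parameter estimation with the aggregated-variance method (added example)."""
import math
import random
from typing import Sequence


def aggregated_variances(x: Sequence[float], min_blocks: int = 32) -> list[tuple[int, float]]:
    """Sample variance of the m-aggregated series X^(m) for m = 1, 2, 4, ...

    X^(m)(k) is the mean of the k-th non-overlapping block of m samples.
    Aggregation stops once fewer than min_blocks blocks would remain, because
    the variance estimate of the aggregated series becomes too noisy.
    """
    n = len(x)
    result = []
    m = 1
    while n // m >= min_blocks:
        blocks = [sum(x[k * m:(k + 1) * m]) / m for k in range(n // m)]
        mean = sum(blocks) / len(blocks)
        var = sum((b - mean) ** 2 for b in blocks) / (len(blocks) - 1)
        result.append((m, var))
        m *= 2
    return result


def hurst_aggregated_variance(x: Sequence[float], min_blocks: int = 32) -> float:
    """Estimate H from the least-squares slope beta of log Var[X^(m)] vs log m.

    For a self-similar process Var[X^(m)] ~ m^(2H-2), hence H = 1 + beta/2.
    Independent samples give H near 0.5 (variance falls like 1/m); traffic that
    stays bursty on every time scale gives 0.5 < H < 1 (variance falls slower).
    """
    pts = [(math.log(m), math.log(v)) for m, v in aggregated_variances(x, min_blocks) if v > 0]
    if len(pts) < 2:
        raise ValueError("series too short for at least two aggregation levels")
    mx = sum(p for p, _ in pts) / len(pts)
    my = sum(q for _, q in pts) / len(pts)
    sxx = sum((p - mx) ** 2 for p, _ in pts)
    sxy = sum((p - mx) * (q - my) for p, q in pts)
    return 1.0 + (sxy / sxx) / 2.0


# --- constructed inputs (stand-ins for a router's per-interval traffic counts) ---

def white_noise(n: int, seed: int = 1) -> list[float]:
    """Independent Gaussian samples: no correlation at all, so H should be near 0.5."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(n)]


def onoff_traffic(n: int, sources: int = 32, alpha: float = 1.5, seed: int = 3) -> list[int]:
    """Per-interval packet counts from a superposition of ON/OFF sources whose ON and
    OFF durations are Pareto distributed with tail index alpha (1 < alpha < 2).

    This is the heavy-tailed ON/OFF model of Taqqu, Willinger and Sherman; in the
    limit of many sources and long traces its aggregate is self-similar with
    H = (3 - alpha) / 2, i.e. 0.75 for alpha = 1.5. Constructed data, not a trace.
    """
    rng = random.Random(seed)
    counts = [0] * n
    for _ in range(sources):
        t, on = 0, rng.random() < 0.5
        while t < n:
            length = max(1, int(rng.paretovariate(alpha)))  # duration in intervals, at least 1
            if on:
                for i in range(t, min(t + length, n)):
                    counts[i] += 1
            t += length
            on = not on
    return counts


if __name__ == "__main__":
    for name, series in (("white noise", white_noise(16384)), ("ON/OFF trace", onoff_traffic(16384))):
        print(f"{name:13s} H = {hurst_aggregated_variance(series):.3f}")
```

To reproduce the table above for a real router, feed the function the byte or packet count per 100 ms (or per 1 s) interval observed at that router; the slide's two "scaling factors" are exactly two such base interval lengths. Note that the finite-sample estimate will only approach the theoretical 0.75 of the ON/OFF model for long traces, and that the short aggregation range used here (levels up to m = 512) biases the estimate; the slide's standard deviations per router type reflect the same estimation noise.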

  9. ReaSE – Attack Traffic
  - Add special entities in regard to attack detection: DDoSZombie, WormHost, or DistackOmnetIDS

  10. ReaSE – Attack Traffic
  Example: Simulation of a DDoS attack
  - 10440 entities within 20 AS
  - ~40 DDoS zombies
  - Start of attack: 1600 s
  - TCP SYN flooding with IP address spoofing
  - Victim webserver resides in transit AS 0
  - edge13 and core0 are part of the attack path
  [Figure: traffic observed on two different routers (edge13, core0) in transit AS 0 during the DDoS attack]
  -> Attack detection is not an easy task within the network
  -> Distributed detection may improve detection efficiency

  11. Distack – Overview
  - Framework for anomaly-based attack detection
    - Publication [2] of the architecture last year
  - Enhancements in regard to usage within OMNeT++
    - Instantiation of multiple detection systems within a simulation
    - Support for heterogeneous configuration of the available instances
    - Remote communication methods usable with OMNeT++: TCP sockets, path-coupled, ring-based
  - Graphical user interface for scalable and easy configuration
    - Categories and available values are pre-defined
  [2] Thomas Gamer, Christoph P. Mayer, Martina Zitterbart, Distack – A Framework for Anomaly-based Large-scale Attack Detection, SecurWare 2008, pp. 34-40, Aug 2008.

  12. Distack – Simulation Setup
  - Scalable assignment of heterogeneous configurations to the available Distack instances
  - Different sortings allow for easy grouping of instances
  [Screenshot: configuration GUI listing the currently unconfigured instances and the available configurations]

  13. Evaluation of the Toolchain
  Goal of this evaluation is to give users a feeling for the basic behavior of the toolchain
  Basic parameters
  - CPU: Intel Xeon 5160 dual-core 3 GHz, 4 MB shared L2 cache
  - RAM: 32 GB
  - Operating system: 64-bit Ubuntu Linux
  - OMNeT++ 3.4 and the corresponding INET framework, compiled without Tcl support
  Evaluation environments varied in topology size, number of Autonomous Systems, and seeds for the random number generators

  Topology size   Number of AS   Seeds
  1 000           5, 10, 20      20
  5 000           10, 20, 50     20
  10 000          10, 20, 50     10
  50 000          20, 50, 100    5
  100 000         20, 50, 100    5

  (Decreasing number of seeds for larger topologies due to the increasing simulation duration)

  14. Evaluation of the Toolchain
  Goal of this evaluation is to give users a feeling for the basic behavior of the toolchain
  Evaluation parameters
  - Memory usage: virtual size of the INET process, read from the proc filesystem
  - Duration: CPU time the INET process consumed
  - Messages created by OMNeT++ during the simulation: total number of messages; number of present messages
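The slide names the two process-level metrics but not how they were read. The following is an added example (not the authors' tooling) of the measurement on Linux: the virtual size is the VmSize line of /proc/<pid>/status, and the consumed CPU time is utime + stime (fields 14 and 15 of /proc/<pid>/stat, in clock ticks). The parsers are exercised on constructed file contents embedded below; the `sample` and `monitor` helpers, which wrap a simulation binary and poll it, are this example's own names.

```python
"""Read virtual size and CPU time of a running process from /proc (added example)."""
import os
import subprocess
import time


def parse_vm_fields(status_text: str) -> dict[str, int]:
    """Parse the Vm* lines of /proc/<pid>/status into {field: value in kB}."""
    fields = {}
    for line in status_text.splitlines():
        if line.startswith("Vm"):
            key, value = line.split(":", 1)
            fields[key] = int(value.split()[0])  # e.g. "VmSize:\t  2048576 kB"
    return fields


def parse_cpu_seconds(stat_text: str, clk_tck: int = 100) -> float:
    """utime + stime from /proc/<pid>/stat, converted from clock ticks to seconds.

    Field 2 (comm) is parenthesised and may contain spaces, so the line is split
    after the last ')'. The remainder starts with field 3 (state); utime and stime
    are fields 14 and 15 of the file, i.e. indices 11 and 12 of the remainder.
    """
    rest = stat_text[stat_text.rindex(")") + 1:].split()
    utime, stime = int(rest[11]), int(rest[12])
    return (utime + stime) / clk_tck


def sample(pid: int) -> tuple[int, float]:
    """Current (VmSize in kB, CPU seconds) of process pid, read live from /proc."""
    with open(f"/proc/{pid}/status") as f:
        vm = parse_vm_fields(f.read())
    with open(f"/proc/{pid}/stat") as f:
        cpu = parse_cpu_seconds(f.read(), os.sysconf("SC_CLK_TCK"))
    return vm["VmSize"], cpu


def monitor(cmd: list[str], interval: float = 1.0) -> list[tuple[float, int, float]]:
    """Run cmd (e.g. the INET simulation binary with its ini file) and record
    (wall-clock seconds, VmSize kB, CPU seconds) every `interval` seconds until
    it exits. The process may disappear between poll() and the read; that case is
    treated as the end of the run rather than an error."""
    proc = subprocess.Popen(cmd)
    start = time.monotonic()
    samples = []
    while proc.poll() is None:
        try:
            vmsize, cpu = sample(proc.pid)
        except (FileNotFoundError, ProcessLookupError):
            break
        samples.append((time.monotonic() - start, vmsize, cpu))
        time.sleep(interval)
    return samples


# Constructed contents of the two proc files for a self-check; all values are made up.
SAMPLE_STATUS = (
    "Name:\tINET\nState:\tR (running)\n"
    "VmPeak:\t 2150000 kB\nVmSize:\t 2048576 kB\nVmRSS:\t 1500000 kB\n"
)
SAMPLE_STAT = (
    "1234 (INET sim) R 1 1234 1234 0 -1 4194304 500 0 0 0 350 120 0 0 20 0 1 0 100 "
    "2097741824 375000 ..."
)

if __name__ == "__main__":
    print(parse_vm_fields(SAMPLE_STATUS)["VmSize"], "kB virtual,",
          parse_cpu_seconds(SAMPLE_STAT), "s CPU (constructed sample)")
    if os.path.exists("/proc/self/status"):
        print("this process:", sample(os.getpid()))
```

Two caveats a practitioner should keep in mind: VmSize counts reserved address space, not resident memory, so on a 64-bit host it can be far larger than what the simulation actually touches (VmRSS is the resident figure), and the last `monitor` sample is taken before the process exit is noticed, so the final CPU value slightly undershoots the total; `os.wait4` or `resource.getrusage` on the child gives the exact total after exit.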

  15. OMNeT++ Messages
  [Figures: progress of present messages during a single simulation (simulated time: 1800 s); summary of all simulations]
  - Linear increase of total and present messages, proportional to topology size

  16. Duration and Memory Usage
  [Figures: memory usage during a single simulation (simulated time: 1800 s; simStart and initStage 0 marked); summary of simulation duration and memory usage over all simulations]
  - Memory usage and simulation duration increase linearly with topology size
  - The increase of simulation duration is more than proportional: events per second (ev/sec) do not seem to be independent of topology size
