Mark Shtern - DDoS Attacks (PowerPoint PPT Presentation)


SLIDE 1

Mark Shtern

SLIDE 2

DDoS Attacks

http://www.betterhostreview.com/wp-content/uploads/2013/08/ddos-attack.gif
http://en.wikipedia.org/wiki/Operation_Payback

SLIDE 3

DDoS Attacks

http://blog.rivalhost.com/wp-content/uploads/2012/11/DDoS-network-map.jpg
http://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon

SLIDE 4

Low and Slow DDoS Attacks

http://www.funnyjunk.com/funny_pictures/3290705/Operation+9fag/

• Attack aimed at bringing a target down but doing so quietly
• Examples
  - Sending partial HTTP requests
  - Sending small data packets or keep-alives in order to keep the session from going to idle timeout
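The two patterns on this slide (partial request heads, and keep-alive trickles that hold a session open) can be recognised server-side from per-connection accounting. The following detector is an added example, not code from the slides or from the cited papers; the connection records, the thresholds (10 s header deadline, 50 bytes/s minimum rate, more than 3 slow connections per source) and the `Conn` record type are constructed assumptions.

```python
"""
Server-side detection of low-and-slow clients: connections that trickle
partial HTTP requests or tiny keep-alive packets to hold sessions open.
This is an added illustration, not code from the slides; the connection
records and the thresholds are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Conn:
    conn_id: int
    src_ip: str
    opened_at: float                  # seconds on a monotonic clock
    headers_complete: bool = False    # has a full request head been parsed?
    chunks: list = field(default_factory=list)  # (timestamp, bytes) received


def is_slow(conn, now, header_deadline=10.0, min_bps=50.0):
    """A connection is slow if its request head is still incomplete after
    header_deadline seconds (partial-request pattern), or if it is older
    than the deadline and its average inbound rate is below min_bps
    (keep-alive trickle pattern)."""
    age = now - conn.opened_at
    if age <= header_deadline:
        return False                  # too young to judge
    if not conn.headers_complete:
        return True
    total = sum(n for _, n in conn.chunks)
    return total / age < min_bps


def flag_sources(conns, now, max_slow_per_ip=3, **thresholds):
    """Return {src_ip: slow_connection_count} for sources holding more than
    max_slow_per_ip slow connections at once. A single slow connection is
    tolerated so that one client on a bad link is not flagged."""
    slow = defaultdict(int)
    for c in conns:
        if is_slow(c, now, **thresholds):
            slow[c.src_ip] += 1
    return {ip: n for ip, n in slow.items() if n > max_slow_per_ip}


def sample_connections():
    """Constructed connection table; 'now' for this table is t=120."""
    conns = []
    # Ordinary client: two recent connections with complete request heads.
    for i in range(2):
        conns.append(Conn(i, "192.0.2.10", 118.0, True, [(118.1, 600)]))
    # One client on a poor link: a single incomplete request, 25 s old.
    conns.append(Conn(10, "198.51.100.7", 95.0, False, [(96.0, 40)]))
    # Partial-request pattern: five sockets opened at t=90, a few header
    # bytes every several seconds, heads never completed.
    for i in range(5):
        conns.append(Conn(20 + i, "10.0.0.9", 90.0, False,
                          [(90.0 + 6 * k, 8) for k in range(5)]))
    # Keep-alive trickle pattern: heads complete, but 20 bytes every 5 s
    # for a minute (4 bytes/s) on four connections.
    for i in range(4):
        conns.append(Conn(30 + i, "203.0.113.5", 60.0, True,
                          [(60.0 + 5 * k, 20) for k in range(12)]))
    return conns


def detect(now=120.0):
    return flag_sources(sample_connections(), now)


if __name__ == "__main__":
    for ip, n in detect().items():
        print(f"{ip}: {n} slow connections")
```

Both attack patterns are caught by the same two rules, while the single client on a poor link (one slow connection) stays under the per-source limit; in a real deployment the flagged sources would be the candidates for redirection to the separate monitoring cluster the talk calls the shark tank rather than being dropped outright.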

SLIDE 5

Layer-7 DDoS Attacks

• “An application layer DDoS attack is a form of DDoS attack where attackers target the application layer” (copied from http://en.wikipedia.org/wiki/Application_layer_DDoS_attack)
• Layer-7 DDoS attacks represent 20% of all DDoS attacks in 2013 (from http://www.ababj.com/component/k2/item/4354-what-you-should-know-about-worsening-ddos-attacks)
• 37 percent of the respondents seeing application-layer attacks targeting this service compared to 24 percent last year (from http://www.securityweek.com/multi-vector-ddos-attacks-grow)
• Application layer attacks may become widespread (from http://www.ababj.com/component/k2/item/4354-what-you-should-know-about-worsening-ddos-attacks)

SLIDE 6

DDoS Attacks

http://www.cnbc.com/id/101461573
Meetup.com is fighting a sustained battle against cyber attackers who are demanding only $300 to call off

“There is a very clear trend we see in the increased use of complex multi-vector and application layer attacks,” (from http://www.securityweek.com/multi-vector-ddos-attacks-grow)

“the reduction in dedicated security resources among respondent organizations” (from http://www.securityweek.com/multi-vector-ddos-attacks-grow)

SLIDE 7

Top daily DDoS attacks worldwide

http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16265&view=map

SLIDE 8

Software Defined Infrastructure

• Example
  - Infrastructure-as-a-service (IaaS)
• Key property
  - Agility
• Pricing model
  - Pay as you go

http://en.wikipedia.org/wiki/Cloud_computing

SLIDE 9

The Changing Management Landscape

• Traditional IT duties
  - Resource capacity planning
  - Security of both infrastructure and production applications
  - Long release cycle
• SDI Ecosystem
  - Security responsibilities: cloud provider - infrastructure; application owner - application
  - Capacity planning: elasticity
  - Short release cycle

SLIDE 10

Elastic Applications

• Autonomic/Adaptive system

https://wwwvs.cs.hs-rm.de/vs-wiki/index.php/(WS12-01)_Cloud/Dokumentation

SLIDE 11

Challenges

• Optimization of resource management
  - Measuring the cost of a running application is a complex task because the cost of IaaS resources is not typically available from the provider
• Misuse of infrastructure resources and reduced profit due to malicious activities
  - DDoS

SLIDE 12

Cost-of-Service Attack

• Is to increase the cost of a cloud deployment without necessarily denying service

http://www.rawstory.com/rs/2011/08/02/new-lead-in-1970s-us-skyjacking-case/
Ransom Money

http://www.projektwerk.com/en/blog/freelance/category/trends
Competitive Advantage

SLIDE 13

Resource-consumption Attacks

• Attack increases resource utilization without a corresponding increase in revenue
• Autoimmune resource attack: the user, through carelessness or error, incurs unnecessary charges on their own resources
• Denial of service
• Cost-of-service attacks: the goal is to increase the cost of a cloud deployment without necessarily denying service
  - Low-and-slow DoS

SLIDE 14

(image-only slide; no text extracted)

SLIDE 15

Cloud efficiency metric

• Cost-benefit analysis that compares the current benefit derived from an application to the current cost of running that application on software-defined infrastructure
• Is the ratio of a benefit function to a cost function, where both functions update as frequently as possible

Title: A runtime cloud efficiency software quality metric
Authors: Shtern, Mark and Smit, Michael and Simmons, Bradley and Litoiu, Marin

SLIDE 16

Cost/benefit estimation

• Cost of total number of resources needed
  - Performance model
• Benefit is income generated by protected application

SLIDE 17

Prices

• Instances
  - On demand
  - Reserved
  - Spot
• Data Transfer
  - Data Transfer IN To Amazon EC2
  - Data Transfer OUT From Amazon EC2
• Storage
• Elastic Load Balancing
• Glacier

http://openclipart.org/detail/169130/mapa-de-redes-by-ainara14-169130

SLIDE 18

Cost Monitoring

• Twitter Storm
  - distributed realtime computation system
• Cloud monitoring
  - CloudWatch, Ceilometer etc.

http://www.clipartbest.com/clipart-di85pb8XT (Cloud Monitoring)

Title: Distributed, application-level monitoring for heterogeneous clouds using stream processing
Authors: Smit, Michael and Simmons, Bradley and Litoiu, Marin

SLIDE 19

Benefit Monitoring

• Twitter Storm
• Information sources
  - Application, Google AdSense API, PayPal, Google Analytics

http://www.clipartbest.com/clipart-di85pb8XT
http://www.datagenicgroup.com/our-products/enterprise-data-management/technical.html

SLIDE 20

Benefit Monitoring

• Revenue
• Advertising
• Brand awareness
• Customer satisfaction
• Number of repeat customers

SLIDE 21

Cloud efficiency metric

• CE > threshold
  - Profitable
• CE < threshold
  - Overspending

SLIDE 22

Performance model

• Models hardware/software resources
  - Hardware: CPU, network
  - Software: number of threads, critical sections
• Estimate performance metrics
  - Throughput, response time, CPU utilization

SLIDE 23

Behavior Analysis

• Baseline
• Behavior anomaly detection
  - Statistical model
  - Machine learning
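One concrete form of the baseline-plus-statistical-model pair on this slide is a per-client request-rate baseline with a robust z-score test. The block below is an added example, not the talk's or the cited papers' code; the per-minute request counts are constructed, and the choice of median/MAD as the statistical model, the 4.0 threshold and the pooled `_global` fallback for previously unseen clients are assumptions.

```python
"""
Behaviour analysis: build a per-client baseline of requests per minute from
a training window, then flag clients whose latest minute deviates from it.
Added illustration, not the talk's or the cited papers' code; the traffic
counts are constructed and the robust z-score rule is one assumed model.
"""
import statistics

MAD_TO_SIGMA = 1.4826   # scales MAD to the std. dev. of a normal distribution


def baseline(history):
    """history: {client: [requests per minute over the training window]}.
    Returns {client: (median, mad)} plus a pooled '_global' entry used for
    clients that have no history of their own. Median and MAD are used
    instead of mean/std so a few outlying minutes cannot inflate the baseline."""
    model = {}
    pooled = []
    for client, counts in history.items():
        med = statistics.median(counts)
        mad = statistics.median([abs(c - med) for c in counts])
        model[client] = (med, mad)
        pooled.extend(counts)
    med = statistics.median(pooled)
    model["_global"] = (med, statistics.median([abs(c - med) for c in pooled]))
    return model


def robust_z(value, med, mad, floor=1.0):
    """Deviation from the baseline in robust standard deviations; the floor
    keeps near-constant clients from producing huge scores on tiny changes."""
    return (value - med) / max(MAD_TO_SIGMA * mad, floor)


def detect_anomalies(model, current, threshold=4.0):
    """current: {client: requests in the latest minute}.
    Returns {client: score} for clients whose score exceeds the threshold."""
    flagged = {}
    for client, count in current.items():
        med, mad = model.get(client, model["_global"])
        score = robust_z(count, med, mad)
        if score > threshold:
            flagged[client] = round(score, 2)
    return flagged


def sample_history():
    """Constructed training window: eight minutes per known client."""
    return {
        "192.0.2.10":   [30, 32, 28, 31, 29, 35, 30, 27],
        "198.51.100.7": [5, 6, 4, 5, 7, 5, 6, 5],
    }


def sample_current():
    """Constructed latest minute; 203.0.113.5 has never been seen before."""
    return {"192.0.2.10": 95, "198.51.100.7": 7, "203.0.113.5": 200}


def run():
    return detect_anomalies(baseline(sample_history()), sample_current())


if __name__ == "__main__":
    print(run())
```

The known client that triples its usual rate and the unseen client far above the pooled baseline are flagged; the small client that goes from 5 to 7 requests is not, because the floor on the spread stops a near-constant baseline from turning a two-request change into an alert. The flagged set is the kind of input the decision engine later in the deck uses to decide which traffic to redirect.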

SLIDE 24

Cloud Resource Management

• Cloud variability
  - Resources a cloud provider deems identical may have performance variations, by as much as 40%
• Non cost-effective action
  - When allocated resources do not meet expectations, an adaptive system's response is to acquire more resources
  - Higher cost without expected benefits

SLIDE 25

(image-only slide; no text extracted)

SLIDE 26

Shark Tank

• Is a separate cluster with full application capabilities designed to monitor suspicious users

Title: Towards Mitigation of Low and Slow Application DDoS Attacks
Authors: Mark Shtern, Roni Sandel, Marin Litoiu, Chris Bachalo, Vasileios Theodorou

SLIDE 27

Software Defined Infrastructure

• Technology umbrella for infrastructure management
  - Chip-level virtualization accelerators
  - Virtual storage accelerators
  - Network packet accelerators
  - Orchestration

SLIDE 28

Low & Slow DDoS Mitigation

(architecture diagram; the only text extracted is the labels of six Gmond monitoring-daemon nodes)

SLIDE 29

Software Defined Network

• “is an approach to computer networking that allows network administrators to manage network services through abstraction of lower level functionality” (from Wikipedia: http://en.wikipedia.org/wiki/Software-defined_networking)
• OpenFlow
• Service chaining (Ericsson Cloud System, Contrail (Juniper Networks), OpenContrail)

SLIDE 30

Software Defined Network

• Overlay network
  - VPN/tunnel
• IPTables
• Application-Informed Request Routing

SLIDE 31

Application-Informed Request Routing

• Application-informed routing allows the application to inform routing decisions
  - Geography, lowest latency, common backbone providers, cost-aware routing

Title: Navigating the clouds with a MAP
Authors: Shtern, Mark and Simmons, Bradley and Smit, Michael and Litoiu, Marin

SLIDE 32

(image-only slide; no text extracted)

SLIDE 33

Decision engine

(flowchart) Do metrics violate the SLO? -> Calculate the number of servers to add -> Would adding servers violate the cloud efficiency metric? If not, add servers; otherwise, redirect the abnormal traffic.

Title: Model-driven Elasticity and DoS Attack Mitigation in Cloud Environments (Autonomic Computing)
Authors: Barna, Cornel and Shtern, Mark and Smit, Michael and Ghanbari, Hamoun and Litoiu, Marin

SLIDE 34

Decision engine

(flowchart) Do metrics violate the SLO? If not: is there redirected traffic? -> Stop redirecting non-attacking traffic; decommission under-utilized resources.
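The two flowcharts (slides 33 and 34) become one loop once the performance model (slide 22) supplies "how many servers are needed" and the cloud efficiency metric CE = benefit / cost (slides 15 and 21) supplies "is scaling still profitable". The block below is an added example, not code from the talk or from the cited papers: the M/M/1-queue-per-server performance model, the per-server-hour price, the revenue per legitimate request, the CE threshold and the `State` record are constructed assumptions, and `abnormal_rps` stands for whatever share of traffic the behaviour analysis has flagged.

```python
"""
Decision engine combining the performance model (slide 22), the cloud
efficiency metric CE = benefit / cost (slides 15 and 21) and the two
decision flows of slides 33 and 34. Added illustration, not code from the
talk or the cited papers: the M/M/1-per-server performance model, the
pricing and the revenue figures are constructed assumptions.
"""
import math
from dataclasses import dataclass


@dataclass
class State:
    arrival_rps: float          # total request rate seen at the load balancer
    abnormal_rps: float         # part of it flagged by behaviour analysis
    servers: int                # servers currently allocated
    redirecting: bool           # is abnormal traffic currently redirected?
    service_time_s: float       # mean service time per request (perf. model)
    slo_s: float                # response-time objective
    revenue_per_req: float      # benefit per legitimate request (assumed)
    price_per_server_h: float   # on-demand price per server-hour (assumed)
    ce_threshold: float         # CE below this means overspending


def response_time(rps, servers, service_time_s):
    """M/M/1 queue per server with load spread evenly: R = S / (1 - rho)."""
    rho = rps * service_time_s / servers
    return math.inf if rho >= 1 else service_time_s / (1 - rho)


def servers_needed(rps, service_time_s, slo_s):
    """Smallest server count whose modelled response time meets the SLO."""
    n = 1
    while response_time(rps, n, service_time_s) > slo_s:
        n += 1
    return n


def cloud_efficiency(legit_rps, servers, st):
    """CE = benefit function / cost function, both per hour. Only legitimate
    requests count as benefit; attack traffic produces cost without revenue."""
    benefit = legit_rps * 3600 * st.revenue_per_req
    cost = servers * st.price_per_server_h
    return benefit / cost


def decide(st):
    """Returns a list of (action, amount) pairs."""
    legit_rps = st.arrival_rps - st.abnormal_rps
    target = servers_needed(st.arrival_rps, st.service_time_s, st.slo_s)
    if response_time(st.arrival_rps, st.servers, st.service_time_s) > st.slo_s:
        # Slide 33: SLO violated. Scale out only if the enlarged deployment
        # still clears the CE threshold; otherwise redirect abnormal traffic.
        if cloud_efficiency(legit_rps, target, st) >= st.ce_threshold:
            return [("add_servers", target - st.servers)]
        return [("redirect_abnormal", st.abnormal_rps)]
    # Slide 34: SLO met. Release redirection and under-utilised servers.
    actions = []
    if st.redirecting:
        actions.append(("stop_redirecting", 0))
    if target < st.servers:
        actions.append(("decommission", st.servers - target))
    return actions or [("no_action", 0)]


def scenario(arrival, abnormal, servers, redirecting):
    # Constructed figures: 2 ms service time, 10 ms SLO, $1e-6 per request,
    # $0.10 per server-hour, CE threshold 5.
    return State(arrival, abnormal, servers, redirecting,
                 service_time_s=0.002, slo_s=0.010, revenue_per_req=1e-6,
                 price_per_server_h=0.10, ce_threshold=5.0)


def flash_crowd():
    return scenario(900.0, 0.0, 2, False)     # legitimate surge


def attack():
    return scenario(900.0, 800.0, 2, False)   # same load, mostly abnormal


def recovery():
    return scenario(100.0, 0.0, 3, True)      # load gone, still redirecting


if __name__ == "__main__":
    for name, st in [("flash crowd", flash_crowd()), ("attack", attack()),
                     ("recovery", recovery())]:
        print(name, decide(st))
```

The flash crowd and the attack present the same load and the same SLO violation; what separates them is the CE check, because only legitimate requests enter the benefit function. Scaling out for the flash crowd keeps CE at about 10.8 and is approved, while scaling out for the attack would drop CE to 1.2, so the engine redirects the abnormal share instead of paying for servers that serve no revenue. Once the load is gone, the slide 34 branch releases both the redirection and the two surplus servers.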

SLIDE 35

Conclusion

• Discussed algorithm to scale a web application, mitigate a DoS attack, or both, based on an assessment of the business value of workload

SLIDE 36

Q&A
