modelling and simulation of a defense strategy to face
play

Modelling and simulation of a defense strategy to face indirect DDoS - PowerPoint PPT Presentation

Dec 07, 2023 •313 likes •510 views

Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks A. Furfaro, P. Pace, A. Parise, L. Molina Valdiviezo Universit` a della Calabria D.I.M.E.S 87036 Rende(CS) - Italy Email: a.furfaro@unical.it A. Furfaro

  1. Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks A. Furfaro, P. Pace, A. Parise, L. Molina Valdiviezo Universit` a della Calabria D.I.M.E.S – 87036 Rende(CS) - Italy Email: a.furfaro@unical.it A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 1 / 18 September 24, 2014

  2. Objectives Development of a simulation model enabling the study and the analysis of defense techniques against Distributed Denial of Service (DDoS) Extension of the StopIt technique for widening its applicability to more complex DDoS attack scenarios, i.e. shared link congestion. Outline DDoS attacks Defense mechanisms StopIt DiffServ A ns-3 simulation model A novel defense technique exploiting StopIt and DiffServ Results Conclusions and future work A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 2 / 18

  3. Distributed Denial of Service (DDoS) Cyber Security has become a very hot issue due the large and ever increasing diffusion of Internet-connected devices DDoS is one of the most sophisticated attack technique Due to its distributed nature, it is not easily to be faced DoS attacks are carried out by a Botnet consisting of widely scattered and remotely controlled computers called zombies zombies send a big amount of service requests and data traffic to the target � Cisco Systems, Inc. c victim in order to exhaust its resources A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 3 / 18

  4. DDoS defence mechanisms Hybrid DDoS Defense Mechanisms Network-based DDoS Defense Mechanisms AS x Destination-based DDoS Source-based DDoS Defense Defense Mechanisms AS y Mechanisms AS z Access router Access router Source’s edge router Des�na�on’s edge router Source AS Des�na�on AS Zargar et al.: A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks IEEE Communications Surveys & Tutorials , 14(4):2046–2069, 2013 Hybrid defence mechanisms are the most effective! A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 4 / 18

  5. Hybrid mechanisms Throttling/filtering and Hybrid packet marking : installation, by the victim’s side, of a router throttle at upstream routers several hops away with the aim of limiting the forwarding packets data rate. It only limits the rate of malicious packets. Capability-based : short-term authorization from the receivers by adding specific stamps on their packets. The recipients explicitly authorize the traffic it would like to receive. Active Internet Traffic Filtering (AITF) : explicit refusal of traffic identified as undesirable. It needs a bounded amount of filtering resources from participating ISPs. StopIt : see next slides. A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 5 / 18

  6. StopIt operation H u AS s AS d (3) (4) (2) SS s SS d AS i R s R d (5) (1) SS i H d H s The victim H d detects the attack and send a blocking request to its 1 access router R d R d verifies that the source H s is really sending data to the server then, it 2 installs a local filter and it sends a request of flow blocking to the StopIt server SS d SS d forwards the request toward the StopIt server belonging to the 3 sourcing AS by using the BGP protocol. The StopIt server SS s within the sourcing AS, once received the request, 4 notifies the blocking request to its access router R s Finally, the access router of AS d installs the filter to block the flow for a 5 certain period. A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 6 / 18

  7. DiffServ DiffServ is a coarse-grained , class-based mechanism for traffic management and QoS differentiation. Traffic is first classified by taking into account a specific priority Then it is forwarded according to one of three per-hop behaviour (PHB) mechanisms PHBs Assured Forwarding (AF) : gives assurance of delivery under prescribed and stringent conditions (Premium Service) Expedited Forwarding (EF) : dedicated to low-loss, low-latency traffic Default Behaviour (BE) : typically used for best-effort traffic A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 7 / 18

  8. Modelling with ns-3 Class hierarchy DNSServer models the behavior (see next slide) of a DNS server able to process up to n requests in parallel StopItServer reproduces the behavior of a StopIt server AccessRouter implements the router application which is in charge of packet filtering, dispatching of StopIt requests and DiffServ policy enforcement. A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 8 / 18

  9. DNS server behaviour FSA model of the DNS server DNSRequest[!bufferFull] / DNSRequest [av>1] / enqueue(request) av--; process(request) DNSRequest [av==1] / av--; process(request) DNSRequest[bufferFull] / drop(request) av=RN Available Busy endProcess [bufferEmpty] / av++ endProcess / av++ endProcess [!bufferEmpty] / process(dequeue()) The above FSA models the behavior of a general server having RN resources and a limited buffer capacity for storing pending requests. It has been implemented by exploiting the State design pattern. A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 9 / 18

  10. Simulation Scenario Network topology ASs 0 ASs k SS 0 SS k ... ... Rs 0 Rs k ... ... SS d Rs j Rs n L d ... ... AS d SS j SS n ASs j ASs n R d H d H u First zone: 10 ASs, 50 hosts each, contains traffic sources (50% corrupted) Second zone: intermediate network Third zone: victim’s AS. A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 10 / 18

  11. Simulation Parameters Traffic sources 24 VoIP (ilbc mode 30 codec at 13.33kbps) [AF] 230 HTTP sources [BE] 230 DNS clients (50% malicious) [BE] Links DNS Service Bandwidth 10 Mbps Resources 8 Delay 1 ms Buffer size 200 Mean service time 5 ms Legal DNS traffic Malicious traffic Packet size 26 bytes Packet size 78 bytes Packet rate 1 pkt/s Packet rate 100 pkt/s A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 11 / 18

  12. Direct Flooding Attack total traffic HTTP DNS VoIP legal requests DDoS traffic (a) (b) (a) Direct DNS DDoS attack (b) Detail of legal and malicious DNS traffic The attack begins at t = 20 s and it is detected at t = 23 s After the filter are installed the botnet traffic is blocked VoIP traffic is unaffected due to Diffserv A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 12 / 18

  13. Shared Link Flooding Attack (StopIt only) StopIt total traffic HTTP VoIP DDoS DNS StopIt is not able to face the attack VoIP traffic is unaffected In this scenario the attack is achieved by flooding the host H u in the same AS the victim H d The bandwidth of link shared by H u , H d and the other hosts of the same AS is exhausted by the attack H d observes a drastic decrease in the number of received requests. A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 13 / 18

  14. StopIt and DiffServ cooperation (1) Assumptions At least one StopIt server is present within each AS; Each AS corresponds to a DiffServ domain; In each DiffServ domain, the packets coming from the StopIt server are managed throughout the highest priority Assured Forwarding (AF) queue; The DiffServ system is able to install new Service Level Agreements (SLAs) at run time; The server H d experiencing a performance degradation is able to detect anomalous traffic conditions by using a specific detection algorithm. A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 14 / 18

  15. StopIt and DiffServ cooperation (2) Once the server H d detects a decrease in its performance, mostly due to traffic anomalies, it starts the activation of the jointly StopIt - DiffServ defense mechanism by executing the following steps: H d sends a temporary DiffServ activation request toward the access 1 router R d within its AS R d forwards the request to the StopIt server after filling the packet with 2 the information about all the interfaces connected to the AS; The StopIt server installs the specific SLA for a certain time T b , then it 3 decreases by one the hop limit field and forwards the request to all the neighbour ASs The other StopIt servers, once received the request packet, repeat the 4 actions from point 2 until the hop limit field reaches zero. A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 15 / 18

  16. Shared Link Flooding Attack StopIt total traffic HTTP VoIP DDoS DNS StopIt is not able to face the attack VoIP traffic is unaffected StopIt + DiffServ VoIP total traffic HTTP DNS DDoS The necessary bandwidth for the DNS server is ensured HTTP traffic still remains affected by DoS A. Furfaro et al. A defense strategy against indirect DDoS flooding attacks September 24, 2014 16 / 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Modelling and Simulation Process 1. History of Modelling and Simulation 2. Modelling and

The Modelling and Simulation Process 1. History of Modelling and Simulation 2. Modelling and

The Modelling and Simulation Process 1. History of Modelling and Simulation 2. Modelling and Simulation Concepts 3. Levels of Abstraction 4. Experimental Frame 5. Validation 6. Studying a mass-spring system 7. The Modelling and Simulation

692 views • 34 slides
COMP 522 Modelling and Simulation model everything Hans Vangheluwe Modelling, Simulation

COMP 522 Modelling and Simulation model everything Hans Vangheluwe Modelling, Simulation

Fall Term 2006 COMP 522 Modelling and Simulation model everything Hans Vangheluwe Modelling, Simulation and Design Lab (MSDL) School of Computer Science, McGill University, Montr eal, Canada Hans Vangheluwe hv@cs.mcgill.ca

960 views • 37 slides
COMP 522 Modelling and Simulation model everything Hans Vangheluwe Modelling, Simulation

COMP 522 Modelling and Simulation model everything Hans Vangheluwe Modelling, Simulation

Fall Term 2008 COMP 522 Modelling and Simulation model everything Hans Vangheluwe Modelling, Simulation and Design Lab (MSDL) School of Computer Science, McGill University, Montr eal, Canada Hans Vangheluwe hv@cs.mcgill.ca

1.02k views • 58 slides
Foundations of Modelling and Simulation Hans Vangheluwe Modelling, Simulation and Design Lab

Foundations of Modelling and Simulation Hans Vangheluwe Modelling, Simulation and Design Lab

Foundations of Modelling and Simulation Hans Vangheluwe Modelling, Simulation and Design Lab (MSDL) Department of Mathematics and Computer Science, University of Antwerp, Belgium School of Computer Science, McGill University, Montr eal,

488 views • 25 slides
Foundations of Modelling and Simulation Hans Vangheluwe Modelling, Simulation and Design Lab

Foundations of Modelling and Simulation Hans Vangheluwe Modelling, Simulation and Design Lab

Foundations of Modelling and Simulation Hans Vangheluwe Modelling, Simulation and Design Lab (MSDL) Department of Mathematics and Computer Science, University of Antwerp, Belgium School of Computer Science, McGill University, Montr eal,

436 views • 43 slides
Foundations of Modelling and Simulation Hans Vangheluwe Modelling, Simulation and Design Lab

Foundations of Modelling and Simulation Hans Vangheluwe Modelling, Simulation and Design Lab

Foundations of Modelling and Simulation Hans Vangheluwe Modelling, Simulation and Design Lab (MSDL) School of Computer Science, McGill University, Montr eal, Canada Department of Mathematics and Computer Science, University of Antwerp,

618 views • 42 slides
COMP 522 (CRN 11875) Modelling and Simulation model everything

COMP 522 (CRN 11875) Modelling and Simulation model everything

Winter Term 2012 COMP 522 (CRN 11875) Modelling and Simulation model everything http://msdl.cs.mcgill.ca/people/hv/teaching/MS/ Hans Vangheluwe Levi Lucio Pieter Mosterman Modelling, Simulation and Design Lab (MSDL) School of Computer

584 views • 57 slides
A Parallel Strategy for a Level Set Simulation of A Parallel Strategy for a Level Set Simulation of

A Parallel Strategy for a Level Set Simulation of A Parallel Strategy for a Level Set Simulation of

A Parallel Strategy for a Level Set Simulation of A Parallel Strategy for a Level Set Simulation of Droplets Moving in a Liquid Medium Oliver Fortmeier, H. Martin Bcker VECPAR10 June 24 th VECPAR 10, June 24 Berkeley, CA, USA Motivation

529 views • 17 slides
Missile Defense Radar through Real-Time Electromagnetic (EM) Simulation Injection

Missile Defense Radar through Real-Time Electromagnetic (EM) Simulation Injection

Missile Defense Radar through Real-Time Electromagnetic (EM) Simulation Injection Ted.Selig@FishEye.net GTC 2016 Source MDA.mil Fylingdales Phased Array Radar Source: www.mda.mil Phased Array Radar Antenna Face Source: www.loc.gov Behind of

360 views • 21 slides
M&S in early development (to support FTiM) M&S to support design of First-in-Man

M&S in early development (to support FTiM) M&S to support design of First-in-Man

Modelling and simulation support for design of First-in- Man studies: the MABEL approach Hlne Karcher, Stacey Tannenbaum, Philip Lowe Modelling & Simulation, Novartis Pharma AG EMA-EFPIA Workshop on the role and scope of modelling and

118 views • 9 slides
PRESENTATION WHAT IS BLENDED LEARNING? INSTRUCTIONAL STRATEGY WHICH COMBINES FACE TO FACE AND

PRESENTATION WHAT IS BLENDED LEARNING? INSTRUCTIONAL STRATEGY WHICH COMBINES FACE TO FACE AND

BLENDED LEARNING PRESENTATION WHAT IS BLENDED LEARNING? INSTRUCTIONAL STRATEGY WHICH COMBINES FACE TO FACE AND ONLINE INSTRUCTION STUDENTS ARE PROVIDED THE OPPORTUNITY TO CONTROL THE TIME, PACE, PLACE, AND PATH OF THEIR OWN EDUCATION

205 views • 8 slides
Hans Vangheluwe Modelling and Simulation Causes of Complexity Dealing with Complexity

Hans Vangheluwe Modelling and Simulation Causes of Complexity Dealing with Complexity

Modelling and Simulation Causes of Complexity Dealing with Complexity Multi-Paradigm Modelling Modelling and Simulation to tackle Complexity Hans Vangheluwe Modelling and Simulation Causes of Complexity Dealing with Complexity

603 views • 46 slides
Hans Vangheluwe Modelling and Simulation Causes of Complexity Dealing with Complexity

Hans Vangheluwe Modelling and Simulation Causes of Complexity Dealing with Complexity

Modelling and Simulation Causes of Complexity Dealing with Complexity Multi-Paradigm Modelling Modelling and Simulation to tackle Complexity Hans Vangheluwe Modelling and Simulation Causes of Complexity Dealing with Complexity

564 views • 39 slides
EXPECTATIONS FROM PK-PD MODELLING AND SIMULATION IN THE EVALUATION OF MEDICINES IN CHILDREN Pr

EXPECTATIONS FROM PK-PD MODELLING AND SIMULATION IN THE EVALUATION OF MEDICINES IN CHILDREN Pr

EMEA Workshop on modelling in paediatric medicines London April 14, 2008 EXPECTATIONS FROM PK-PD MODELLING AND SIMULATION IN THE EVALUATION OF MEDICINES IN CHILDREN Pr Grard PONS (MD, PhD), PDCO Vice Chair Paediatrician

521 views • 6 slides
Outcomes from BOS2 Leon Aarons Key points Key points Modelling and simulation is driven by and

Outcomes from BOS2 Leon Aarons Key points Key points Modelling and simulation is driven by and

Outcomes from BOS2 Leon Aarons Key points Key points Modelling and simulation is driven by and informs the underlying science. Therefore a requirement for the acceptance of modelling and simulation is consistency and evidence of the

427 views • 3 slides
CS-522 (Modelling and Simulation) Project Statechart Modelling of TCP protocol Shah Asaduzzaman

CS-522 (Modelling and Simulation) Project Statechart Modelling of TCP protocol Shah Asaduzzaman

CS-522 (Modelling and Simulation) Project Statechart Modelling of TCP protocol Shah Asaduzzaman Zaki Hasnain Patel The total system Client Data Server Application Generator Application Data packet Data Buffer Data Channel (C-to-S) TCP

116 views • 11 slides
Evaluating the impact of eDoS attacks to cloud facilities Gian-Luca Dei Rossi 1 Mauro Iacono 2

Evaluating the impact of eDoS attacks to cloud facilities Gian-Luca Dei Rossi 1 Mauro Iacono 2

Evaluating the impact of eDoS attacks to cloud facilities Gian-Luca Dei Rossi 1 Mauro Iacono 2 Andrea Marin 1 1 Universit` a Ca Foscari Venezia 2 Seconda Universit` a di Napoli November 18, 2015 The setting Nowadays the use of cloud computing

454 views • 30 slides
Chapter 8 Intrusion Detection Classes of Intruders -- Cyber Criminals Individuals or

Chapter 8 Intrusion Detection Classes of Intruders -- Cyber Criminals Individuals or

Chapter 8 Intrusion Detection Classes of Intruders -- Cyber Criminals Individuals or members of an organized crime group with a goal of financial reward Their activities may include: Identity theft Theft of financial

771 views • 44 slides
Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola 600.647

Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola 600.647

Security of Routing Protocols in Ad Hoc Wireless Networks presented by Reza Curtmola 600.647 Advanced Topics in Wireless Networks Our focus: MANETs Multi-hop routing: unicast multicast infrastructure access Our focus: MANETs

894 views • 26 slides
High-speed high-security cryptography: encrypting and authenticating the whole Internet D. J.

High-speed high-security cryptography: encrypting and authenticating the whole Internet D. J.

High-speed high-security cryptography: encrypting and authenticating the whole Internet D. J. Bernstein University of Illinois at Chicago wget -m -k -I / \ secspider.cs.ucla.edu cd secspider.cs.ucla.edu awk /GREEN.*GREEN.*GREEN.*Yes/

1.48k views • 94 slides
Microservices stress-free and without increased heart-attack risk Uwe Friedrichsen (codecentric AG)

Microservices stress-free and without increased heart-attack risk Uwe Friedrichsen (codecentric AG)

Microservices stress-free and without increased heart-attack risk Uwe Friedrichsen (codecentric AG) microxchg Berlin, 12. February 2015 @ufried Uwe Friedrichsen | uwe.friedrichsen@codecentric.de | http://slideshare.net/ufried |

893 views • 46 slides
Security Risk Assessment and Risk Treatment for Integrated Modular Communication Hamid Asgari,

Security Risk Assessment and Risk Treatment for Integrated Modular Communication Hamid Asgari,

Security Risk Assessment and Risk Treatment for Integrated Modular Communication Hamid Asgari, Senior Member IEEE , Sarah Haines, and Adrian Waller Thales UK Limited, Research & Technology, Worton Drive, Worton Grange Business Park, Reading

635 views • 7 slides
Vulnerability disclosure Dont forget overall goal: improve software safety Consider

Vulnerability disclosure Dont forget overall goal: improve software safety Consider

Vulnerability disclosure Dont forget overall goal: improve software safety Consider incentives for researchers, software vendors, customers Supply chain can be complex Software component developers Open source Resellers

621 views • 20 slides
Instant OS Updates via Userspace Checkpoint-and-Restart Sanidhya Kashyap , Changwoo Min,

Instant OS Updates via Userspace Checkpoint-and-Restart Sanidhya Kashyap , Changwoo Min,

Instant OS Updates via Userspace Checkpoint-and-Restart Sanidhya Kashyap , Changwoo Min, Byoungyoung Lee, Taesoo Kim, Pavel Emelyanov OS updates are prevalent And OS updates are unavoidable Prevent known, state-of-the-art attacks

1.08k views • 79 slides

More recommend