not a bot improving service availability in the face of
play

Not-A-Bot: Improving Service Availability in the Face of Botnet - PowerPoint PPT Presentation

Feb 04, 2024 •255 likes •560 views

CS 598-PBG Presented by Ashish Vulimiri Not-A-Bot: Improving Service Availability in the Face of Botnet Attacks R. Gummadi, H. Balakrishnan, P . Maniatis, S. Ratnasamy Presented by: Ashish Vulimiri Images lifted from paper/authors NSDI09

  1. CS 598-PBG Presented by Ashish Vulimiri Not-A-Bot: Improving Service Availability in the Face of Botnet Attacks R. Gummadi, H. Balakrishnan, P . Maniatis, S. Ratnasamy Presented by: Ashish Vulimiri Images lifted from paper/authors’ NSDI09 slides. All hail the fair use exception. Gummadi et al (MIT/Intel Research) Not-A-Bot 1 / 14

  2. CS 598-PBG Presented by Ashish Vulimiri Motivation Gummadi et al (MIT/Intel Research) Not-A-Bot 2 / 14

  3. CS 598-PBG Presented by Ashish Vulimiri Motivation Botnets: bad Gummadi et al (MIT/Intel Research) Not-A-Bot 2 / 14

  4. CS 598-PBG Presented by Ashish Vulimiri Motivation Botnets: bad Spam DDoS Click-fraud Gummadi et al (MIT/Intel Research) Not-A-Bot 2 / 14

  5. CS 598-PBG Presented by Ashish Vulimiri Motivation Botnets: bad Spam DDoS Click-fraud Problem: cannot distinguish bot/human requests Gummadi et al (MIT/Intel Research) Not-A-Bot 2 / 14

  6. CS 598-PBG Presented by Ashish Vulimiri Motivation Botnets: bad Spam DDoS Click-fraud Problem: cannot distinguish bot/human requests Will solving this issue always help? Gummadi et al (MIT/Intel Research) Not-A-Bot 2 / 14

  7. CS 598-PBG Presented by Ashish Vulimiri Related Work Application-specific schemes Bandwidth/computation based payment schemes for DoS Sender authentication schemes like SPF , DomainKeys for spam control Human-activity detection CAPTCHAs Gummadi et al (MIT/Intel Research) Not-A-Bot 3 / 14

  8. CS 598-PBG Presented by Ashish Vulimiri Related Work Application-specific schemes Bandwidth/computation based payment schemes for DoS Sender authentication schemes like SPF , DomainKeys for spam control Human-activity detection CAPTCHAs Secure execution environments Pioneer XOM TPM, vTPM Gummadi et al (MIT/Intel Research) Not-A-Bot 3 / 14

  9. CS 598-PBG Presented by Ashish Vulimiri TPM Trusted base Cryptographic coprocessor Not-A-Bot uses: Platform configuration registers Sealed storage Can seal values, signed by TPM’s internal key, along with guard conditions on the value of PCRs Direct anonymous attestation Gummadi et al (MIT/Intel Research) Not-A-Bot 4 / 14

  10. CS 598-PBG Presented by Ashish Vulimiri Not-A-Bot Chain of trust from attester to verifier When requested, attester checks and signs off on human originated actions Guaranteed human requests can be given higher priority at server Granularity is request level, not host level – human requests from compromised hosts might benefit Gummadi et al (MIT/Intel Research) Not-A-Bot 5 / 14

  11. CS 598-PBG Presented by Ashish Vulimiri Chain of Trust Gummadi et al (MIT/Intel Research) Not-A-Bot 6 / 14

  12. CS 598-PBG Presented by Ashish Vulimiri Chain of Trust PCRs are used to provide verifiable bootup Gummadi et al (MIT/Intel Research) Not-A-Bot 6 / 14

  13. CS 598-PBG Presented by Ashish Vulimiri Chain of Trust PCRs are used to provide verifiable bootup When attester is installed, private information sealed using TPM, with BIOS and attester code hashes as guards. Private info includes: Private key κ priv Information needed to create a signed certificate for DAA. This is NOT a shared secret Gummadi et al (MIT/Intel Research) Not-A-Bot 6 / 14

  14. CS 598-PBG Presented by Ashish Vulimiri Chain of Trust PCRs are used to provide verifiable bootup When attester is installed, private information sealed using TPM, with BIOS and attester code hashes as guards. Private info includes: Private key κ priv Information needed to create a signed certificate for DAA. This is NOT a shared secret TPM allows unsealing only if BIOS and attester hashes match – so if attester code is changed, key can’t be accessed Gummadi et al (MIT/Intel Research) Not-A-Bot 6 / 14

  15. CS 598-PBG Presented by Ashish Vulimiri Chain of Trust Gummadi et al (MIT/Intel Research) Not-A-Bot 7 / 14

  16. CS 598-PBG Presented by Ashish Vulimiri Chain of Trust Application (at client) must request attestation locally from the attester and send to verifier to authenticate that a request is human-generated Gummadi et al (MIT/Intel Research) Not-A-Bot 7 / 14

  17. CS 598-PBG Presented by Ashish Vulimiri Chain of Trust Application (at client) must request attestation locally from the attester and send to verifier to authenticate that a request is human-generated An attestatation is of the form � a , sign ( κ priv , a ) , C � , where a is the attestation information and C is a certificate that attester uses with the DAA protocol to prove integrity to the verifier Gummadi et al (MIT/Intel Research) Not-A-Bot 7 / 14

  18. CS 598-PBG Presented by Ashish Vulimiri Chain of Trust Application (at client) must request attestation locally from the attester and send to verifier to authenticate that a request is human-generated An attestatation is of the form � a , sign ( κ priv , a ) , C � , where a is the attestation information and C is a certificate that attester uses with the DAA protocol to prove integrity to the verifier Necessary component of a : nonce n , which the verifier stores to ensure client is not replaying authentications Gummadi et al (MIT/Intel Research) Not-A-Bot 7 / 14

  19. CS 598-PBG Presented by Ashish Vulimiri Attester Operation Request is considered human-generated if it occurs within � ∆ m , ∆ k � distance of a mouse/keyboard click, where the ∆ parameters are application specific Attestation may either include time since last mouse click/keypress directly, or merely state an upper-bound on them (the first leaks some timing information which may be significant) Choice left to application Attestation information a is � d , n , δ m , δ k � , where d is a digest of the message (e.g. e-mail, HTTP GET/POST etc), n is the nonce used to ensure client cannot replay attestations, δ is timing information Gummadi et al (MIT/Intel Research) Not-A-Bot 8 / 14

  20. CS 598-PBG Presented by Ashish Vulimiri Verifier Operation Spam In attestation, entire message is hashed: including sender, recipient, timestamp and content Server stores nonces for a month Together, these two factors severely restrict replayability: spammer can reuse authentication only after a month (only one replay per authenticated email) But because timestamp is also hashed, it can’t be changed. Server will reject even this lone replayed email as too old. Gummadi et al (MIT/Intel Research) Not-A-Bot 9 / 14

  21. CS 598-PBG Presented by Ashish Vulimiri Verifier Operation Spam Additional notes: For mailing lists, auth sent to each email address in the “To:” field Offline mode: store an auth when user clicks “Send”, hold it until connected to the network Script mode: similar to offline mode. User manually authorizes a certain number of human-authentications when writing a script Gummadi et al (MIT/Intel Research) Not-A-Bot 10 / 14

  22. CS 598-PBG Presented by Ashish Vulimiri Verifier Operation DDoS/Click Fraud Browser sends authentication for document root (e.g. “http://www.example.com/”) Server stores auth for 10 minutes In this time, the authentication also grants access to any embedded links/documents Note: unlike with e-mail, incentive structure is asymmetric. Much more useful to website owners/content providers than to users Gummadi et al (MIT/Intel Research) Not-A-Bot 11 / 14

  23. CS 598-PBG Presented by Ashish Vulimiri Verifier Operation DDoS/Click Fraud Browser sends authentication for document root (e.g. “http://www.example.com/”) Server stores auth for 10 minutes In this time, the authentication also grants access to any embedded links/documents Note: unlike with e-mail, incentive structure is asymmetric. Much more useful to website owners/content providers than to users Authors suggest that verifiers push attesters onto users through other means, for example browser toolbars Gummadi et al (MIT/Intel Research) Not-A-Bot 11 / 14

  24. CS 598-PBG Presented by Ashish Vulimiri Experimental Evaluation Spam Client: reduced false negatives in inbox from 1.5% to 0.15%, false positives from 0.08% to 0% Server: of all spam traffic, 8% was attested as human-originated DDoS 11% of all DDoS requests attested as human-originated Click-fraud 13% of all click-fraud traffic attested as human-originated Gummadi et al (MIT/Intel Research) Not-A-Bot 12 / 14

  25. CS 598-PBG Presented by Ashish Vulimiri Discussion Gummadi et al (MIT/Intel Research) Not-A-Bot 13 / 14

  26. CS 598-PBG Presented by Ashish Vulimiri Discussion What else (apart from non-human origin) characterizes botnet requests? Gummadi et al (MIT/Intel Research) Not-A-Bot 13 / 14

  27. CS 598-PBG Presented by Ashish Vulimiri Discussion What else (apart from non-human origin) characterizes botnet requests? Better human-identification algorithm? Gummadi et al (MIT/Intel Research) Not-A-Bot 13 / 14

  28. CS 598-PBG Presented by Ashish Vulimiri Discussion What else (apart from non-human origin) characterizes botnet requests? Better human-identification algorithm? How reasonable is it to assume hardware safety? Gummadi et al (MIT/Intel Research) Not-A-Bot 13 / 14

  29. CS 598-PBG Presented by Ashish Vulimiri Discussion What else (apart from non-human origin) characterizes botnet requests? Better human-identification algorithm? How reasonable is it to assume hardware safety? Trusted computing issues Gummadi et al (MIT/Intel Research) Not-A-Bot 13 / 14

  30. CS 598-PBG Presented by Ashish Vulimiri Questions? Gummadi et al (MIT/Intel Research) Not-A-Bot 14 / 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NotaBot (NAB): Improving Service Availability in the Face of Botnet A=acks Ramakrishna

NotaBot (NAB): Improving Service Availability in the Face of Botnet A=acks Ramakrishna

NotaBot (NAB): Improving Service Availability in the Face of Botnet A=acks Ramakrishna (Ramki) Gummadi MIT Hari Balakrishnan (MIT), Petros Maniatis and Sylvia Ratnasamy (Intel Research) The problem: Service unavailability Bounced email

627 views • 28 slides
Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction

Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction

Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction to the problem Architecture of NAB A way to attest human-generated traffic Use of attestation to mitigate presented problems Results

418 views • 25 slides
Improving availability of ASF Challenges and Opportunities Khieu Borin Director General for

Improving availability of ASF Challenges and Opportunities Khieu Borin Director General for

FEED THE FUTURE INNOVATION LAB FOR LIVESTOCK SYSTEMS University of Florida Global Nutrition Symposium Theme: Nurturing development: Improving human nutrition with animal-source foods March 29 to 30, 2017 Improving availability of ASF Challenges

431 views • 20 slides
CES/NMSBA LEADERSHIP DEVELOPMENT SCHEDULE OF FOUR FACE TO FACE SESSIONS IMPROVING STUDENT

CES/NMSBA LEADERSHIP DEVELOPMENT SCHEDULE OF FOUR FACE TO FACE SESSIONS IMPROVING STUDENT

CES/NMSBA LEADERSHIP DEVELOPMENT SCHEDULE OF FOUR FACE TO FACE SESSIONS IMPROVING STUDENT ACHIEVEMENT THROUGH COMMUNITY ENGAGEMENT (KEY WORK OF SCHOOL BOARDS) POWERS AND DUTIES OF THE BOARD DECEMBER TRAINING Overview of the major

457 views • 6 slides
High Availability with the openais project Prepared by: Steven Dake 7/12/05 Agenda Service

High Availability with the openais project Prepared by: Steven Dake 7/12/05 Agenda Service

High Availability with the openais project Prepared by: Steven Dake 7/12/05 Agenda Service Availability Forum Reliability and Availability Application Interface Specification Service Availability Forum Mission The Service

256 views • 24 slides
Improving Client Web Availability with MONET David G. Andersen, CMU Hari Balakrishnan, M. Frans

Improving Client Web Availability with MONET David G. Andersen, CMU Hari Balakrishnan, M. Frans

Improving Client Web Availability with MONET David G. Andersen, CMU Hari Balakrishnan, M. Frans Kaashoek, Rohit Rao, MIT http: //nms.csail.mit.edu/ron/ronweb/ Availability We Want Carrier Airlines (2002 FAA Fact Book) 41 accidents,

701 views • 55 slides
Hom e H Healt h Service ces and Fa Face-t o-Face Encount er Requirem ent s Guest Presenters

Hom e H Healt h Service ces and Fa Face-t o-Face Encount er Requirem ent s Guest Presenters

Hom e H Healt h Service ces and Fa Face-t o-Face Encount er Requirem ent s Guest Presenters Alexandra Koloskus, JD Matt Colussi June 2017 Our r Mission I mproving health care access and outcomes for the people we serve while

448 views • 20 slides
Improving RGB-D face recognition via transferring pretrained 2D networks Xingwang Xiong, Xu Wen,

Improving RGB-D face recognition via transferring pretrained 2D networks Xingwang Xiong, Xu Wen,

Improving RGB-D face recognition via transferring pretrained 2D networks Xingwang Xiong, Xu Wen, and Cheng Huang INSTITUTE O https://github.com/XingwXiong/Face3D-Pytorch OF C COMPUTING T TECHNOLOGY 3D Face Recognition Algorithm Challenge

521 views • 13 slides
GRETB Adult Guidance and Information Service Pre-Covid 19 Face to Face One to One/Group

GRETB Adult Guidance and Information Service Pre-Covid 19 Face to Face One to One/Group

GRETB Adult Guidance and Information Service Pre-Covid 19 Face to Face One to One/Group Guidance and Information Session in 41 FET Centres throughout the region Phone/Email/Drop in Information Queries Team Meeting held once a month

440 views • 18 slides
An Architectural Approach for Improving Availability in Web Services Evangelos Parchas and

An Architectural Approach for Improving Availability in Web Services Evangelos Parchas and

An Architectural Approach for Improving Availability in Web Services Evangelos Parchas and Rogrio de Lemos Computing Laboratory - University of Kent at Canterbury, UK Motivation Architectural pattern Implementation and results

306 views • 12 slides
LIFE WELL PLANNED CHAIRMANS MESSAGE Combining good old fashioned face-to-face service with real

LIFE WELL PLANNED CHAIRMANS MESSAGE Combining good old fashioned face-to-face service with real

LIFE WELL PLANNED CHAIRMANS MESSAGE Combining good old fashioned face-to-face service with real value for our Clients has brought Globaleye to where we are today. We complement this with some of the most innovative online solutions which help

497 views • 13 slides
Improving the regulation of generic medicines in Australia Facilitating timely availability of

Improving the regulation of generic medicines in Australia Facilitating timely availability of

Improving the regulation of generic medicines in Australia Facilitating timely availability of high quality and affordable medicines to the Australian public Dr Michael Ernst-Russell Principal Evaluator Pharmaceutical Chemistry Section

409 views • 17 slides
eBook Challenges Libraries face a Libraries face a challenge of challenge of discoverability

eBook Challenges Libraries face a Libraries face a challenge of challenge of discoverability

ReadersFirst A movement to improve e-book access & services for public library users eBook Challenges Libraries face a Libraries face a challenge of challenge of discoverability and availability in that access from eBook some publishers

716 views • 19 slides
High Availability with the openais project Prepared by: Steven Dake October 2005 Agenda

High Availability with the openais project Prepared by: Steven Dake October 2005 Agenda

High Availability with the openais project Prepared by: Steven Dake October 2005 Agenda Service Availability Forum Reliability and Availability Application Interface Specification The openais project Service Availability Forum

547 views • 26 slides
Dog Warden Service Dog Warden Service The dog warden service works towards improving quality of

Dog Warden Service Dog Warden Service The dog warden service works towards improving quality of

Dog Warden Service Dog Warden Service The dog warden service works towards improving quality of life now and for The dog warden service works towards improving quality of life now and for future generations by helping to create a healthier

301 views • 14 slides
Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation

Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation

Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation Guoqing Wang 1,3 , Hu Han , 1,2 , Shiguang Shan 1,2,3,4 , and Xilin Chen 1,3 1 Key Laboratory of Intelligent Information Processing of Chinese Academy

130 views • 8 slides
Twitter User Profiling: Bot and Gender Identification 7 th Author Profiling Task PAN 2019 CLEF

Twitter User Profiling: Bot and Gender Identification 7 th Author Profiling Task PAN 2019 CLEF

Twitter User Profiling: Bot and Gender Identification 7 th Author Profiling Task PAN 2019 CLEF Workshop Dijana Kosmajac Dr Vlado Keselj Faculty of Computer Science, Dalhousie University Halifax, Nova Scotia, Canada Overview

483 views • 14 slides
11-830 Computational Ethics for NLP Lecture 12: Computational Propaganda History of Propaganda

11-830 Computational Ethics for NLP Lecture 12: Computational Propaganda History of Propaganda

11-830 Computational Ethics for NLP Lecture 12: Computational Propaganda History of Propaganda Carthago delenda est! 11-830 Computational Ethics for NLP History of Propaganda Carthago delenda est! History is written by the winners

691 views • 21 slides
https://woebot.io/ Soft awareness 2017 chats with Replika https://vimeo.com/250440998#t=40s

https://woebot.io/ Soft awareness 2017 chats with Replika https://vimeo.com/250440998#t=40s

https://woebot.io/ Soft awareness 2017 chats with Replika https://vimeo.com/250440998#t=40s https://www.pandorabots.com/mitsuku/ 80% of companies will use ChatBots by the end of 2020 Chatbots can cut operational costs by up to 30%.

493 views • 7 slides
Accelerating SE research adoption with Analysis Bots https://github.com/AnalysisBotsPlatform

Accelerating SE research adoption with Analysis Bots https://github.com/AnalysisBotsPlatform

Accelerating SE research adoption with Analysis Bots https://github.com/AnalysisBotsPlatform Ivan Beschastnikh, Mircea F. Lungu, Yanyan Zhuang U. of British U. of Groningen U. of Colorado Columbia Colorado Springs Canada Wanted: SE

467 views • 23 slides
Whos Here? 1. Name 2. Library 3. STEM programming @ your Library 4. Computer

Whos Here? 1. Name 2. Library 3. STEM programming @ your Library 4. Computer

Whos Here? 1. Name 2. Library 3. STEM programming @ your Library 4. Computer science/Coding/Kids & Tech @ your Library Session Goals Why is STEM and computer science important Provide familiarity with the content, coverage and location

450 views • 18 slides
Di Discovery of the he Bur ursty Di Discovery of the he Bur ursty Botnet b Bo by u unusu

Di Discovery of the he Bur ursty Di Discovery of the he Bur ursty Botnet b Bo by u unusu

Di Discovery of the he Bur ursty Di Discovery of the he Bur ursty Botnet b Bo by u unusu sual t tweeting Botnet b Bo by u unusu sual t tweeting be beha havio iour urs beha be havio iour urs Juan Echeverria, Christoph

591 views • 22 slides
Why Transformers Work. *More info blablabla *More info blablabla *More info blablabla *More

Why Transformers Work. *More info blablabla *More info blablabla *More info blablabla *More

Why Transformers Work. *More info blablabla *More info blablabla *More info blablabla *More info blablabla *More info blablabla *More info blablabla *More info blablabla *More info blablabla *More info blablabla *More info blablabla *More

1.11k views • 77 slides
Botnet Detection with DNS Monitoring Seminar Future Internet 2014 Christopher Will Advisor:

Botnet Detection with DNS Monitoring Seminar Future Internet 2014 Christopher Will Advisor:

Lehrstuhl Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen Botnet Detection with DNS Monitoring Seminar Future Internet 2014 Christopher Will Advisor: Oliver Gasser Introduction - Botnets Great

748 views • 17 slides

More recommend