openflow ddos mitigation
play

OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 - PowerPoint PPT Presentation

Feb 20, 2024 •177 likes •358 views

OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam Quanza Engineering C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation Introduction Distributed Denial of Service attacks Types of attacks Application

  1. OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam Quanza Engineering C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  2. Introduction Distributed Denial of Service attacks Types of attacks Application layer attacks (low volume) Network layer attacks (high volume) Popular mitigation methods BGP Remotely Triggered Black Hole (RTBH) In-line filtering appliances Scrubbing center OpenFlow DDoS mitigation While keeping the target online C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  3. Research Question How can Openflow be used in DDoS mitigation? How can flow statistics be analyzed to detect DDoS attacks? Can packet symmetry in sample traffic be analyzed to detect malicious traffic sources? Can malicious traffic sources be detected by temporarily dropping outgoing traffic? Can OpenFlow be used to efficiently block malicious sources while allowing legitimate traffic? C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  4. OpenFlow Separation between control- and data plane Controller creates and pushes flows to data plane TCAM table 0 http://yuba.stanford.edu/cs244wiki/index.php/Overview C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  5. OpenFlow: Flow Statistics Per flow: Duration Byte counters Packet counters Polled by controller Network load overview C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  6. OpenFlow: Traffic Sampling Packet-in channel Samples to controller Strip payload Encapsulation by switch TCP stream Mirroring Multiple output ports for a flow To any IDS on the network C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  7. OpenFlow: Traffic Dropping Flexibility in dropping traffic: Source based blocking Destination based filtering Only block TCP/UDP destination port Limited by capacity of TCAM table C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  8. Proposed Solution 1 Initial detection Monitoring flow statistics Detect traffic spikes 2 Identification of attackers Traffic sampling Packet symmetry Block outgoing traffic 3 Blocking the attack Drop traffic from malicious sources C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  9. Proposed Solution: Initial Detection Detection of traffic spikes in flow statistics Detection based on the standard deviation Lightweight Initial detection: Used to trigger further detection mechanisms C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  10. Proposed Solution: Packet Symmetry Mirror traffic from and to DDoS target Distinguish attackers with packet count symmetry analysis Legitimate traffic shows typical ratios between 1:1 and 8:1. C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  11. Proposed Solution: Block Outgoing Traffic A short interruption of the outgoing flow could distinguish bad sources. TCP retransmit interval should increases Typical request-response protocols may show equal behaviour Expecting a declining rate of packets OpenFlow can easily and rapidly modify flows that enable this C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  12. Proposed Solution: Block Outgoing Traffic 1 Sample 2 Block + sample 3 Analyse C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  13. Proposed Solution: Drop Malicious Traffic Explicit drop flows using OpenFlow Source-based blocking explored Idle drop flows expire automatically C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  14. Proof of Concept: Experimentation setup Ryu SDN framework Python based OpenFlow controller Detection mechanisms in the controller Software environment KVM + OpenVswitch Hardware environment Arista 7050 OpenFlow switch 10Gbit simulations Not as flexible as OpenVswitch Traffic simulation Victim and Attacker machines Legitimate + DDoS traffic C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  15. Proof of Concept: Packet Symmetry Hping3 flood stalls the Curl C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  16. Proof of Concept: Block Outgoing Traffic Timing issues with hardware. Flood never stopped. Curl retransmitted at a declining rate. C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  17. Conclusion Using the OpenFlow infrastructure to mitigate high volume attacks shows potential. Hardware currently shows limitations: TCAM table size Timing of OpenFlow operations in our experiment caused issues C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

  18. Questions Questions? C. Dillon, M. Berkelaar OpenFlow DDoS Mitigation

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster synergy among stakeholders to promote advancement in DDoS defense knowledge. Independent academic R&D division of Nexusguard building next

764 views • 44 slides
XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at

XDP in Practice DDoS Mitigation @Cloudflare Gilberto Bertin About me Systems Engineer at Cloudflare London DDoS Mitigation Team Enjoy messing with networking and Linux kernel Agenda Cloudflare DDoS mitigation pipeline Iptables and

802 views • 65 slides
DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

1 DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology of work DDoS tactics in-the-wild and how to improve Ready, set, FACEPALM! Q&A ~$ whoami 3 Moshe Zioni, Head of Research,

656 views • 47 slides
Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim to DDoS mitigation service SOS "I am getting DoSd" 2 DDoS Transport Choice SOS : Requirements Emergency signal.

247 views • 5 slides
Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to

Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to

Founded in 1998, Staminus Communications provides revolutionary DDoS mitigation services to millions of users and thousands of companies around the globe. Powered by an ever-expanding global network dedicated to DDoS mitigation and multiple

576 views • 9 slides
Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation

Introduction: Filtering Based Techniques DDOS Attacks: Target CPU / Bandwidth for DDOS Mitigation Attacker signals slaves to launch an attack on a specific target address (victim). Slaves then respond by Comp290: Network

275 views • 9 slides
DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks DDoS Prevention Improving Performance Questions Glossary DDoS - Attempt to make a server or network resource unavailable to Internet

549 views • 30 slides
PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why

PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why

PennREN DDoS Mitigation Service Technical Overview Zach Bare Network Engineer Agenda Why use the DDoS Mitigation Service What the service does not do (currently) Understanding traffic flow PennREN member requirements Activating traffic

389 views • 18 slides
DDOS MITIGATION EXPERIENCE 01. About IP ServerOne Founded in 2003 About 52 Employees

DDOS MITIGATION EXPERIENCE 01. About IP ServerOne Founded in 2003 About 52 Employees

DDOS MITIGATION EXPERIENCE 01. About IP ServerOne Founded in 2003 About 52 Employees IP ServerOne Managing over 4500 physical servers Total 150 Racks in 5 data centers across Malaysia and Singapore Contributing 10% of

479 views • 35 slides
A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure

A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure

A proactive and collaborative DDoS mitigation strategy for the Dutch critical infrastructure Cristian Hesselman 1 , Jeroen van der Ham 2 , Roland van Rijswijk 3 , Jair Santanna 2 , Aiko Pras 2 1) SIDN Labs, 2) University of Twente, 3) SURFnet

463 views • 10 slides
OpenFlow and Software Defjned Networks Outline o The history of OpenFlow o What is OpenFlow? o

OpenFlow and Software Defjned Networks Outline o The history of OpenFlow o What is OpenFlow? o

OpenFlow and Software Defjned Networks Outline o The history of OpenFlow o What is OpenFlow? o Slicing OpenFlow networks o Software Defjned Networks o Industry interest Original Question How can researchers on college campuses test out new

718 views • 35 slides
.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS A)ack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos A)acks Few Qmes

150 views • 13 slides
Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies,

Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies,

Kernel HTTPS/TCP/IP stack for HTTP DDoS mitigation Alexander Krizhanovsky Tempesta Technologies, Inc. ak@tempesta-tech.com Who am I? CEO & CTO at Tempesta Technologies (Seattle, WA) Developing Tempesta FW open source Linux Application

740 views • 48 slides
Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS

Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS

Future of DDoS Attacks Mitigation in Software Defined Networks Martin Vizvry, Jan Vykopal AIMS 2014, Brno, July, 1st 2014 Current and Future Networking Traditional networking principles remain mostly unchanged over the past decades.

446 views • 18 slides
.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS Attack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos Attacks Few

606 views • 14 slides
DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta,

DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta,

NORDUnet Nordic Infrastructure for Research & Education DDoS Mitigation at NORDUnet Lars Fischer (w/ big thanks to Martin Aldrin) TF-MSP Meeting Malta, 27 November 2014 NORDUnet Basic Nordic infrastructure for Research & Education

307 views • 16 slides
Techniques for detecting compromised IoT devices Ivo van der Elzen, Jeroen van Heugten RP1

Techniques for detecting compromised IoT devices Ivo van der Elzen, Jeroen van Heugten RP1

Introduction Research questions Research Results Conclusion Questions Techniques for detecting compromised IoT devices Ivo van der Elzen, Jeroen van Heugten RP1 Presentation February 6, 2017 RIoT Van der Elzen, Van Heugten Introduction

456 views • 22 slides
Exploiting Live Virtual Machine Migration Jon Oberheide University of Michigan February 21,

Exploiting Live Virtual Machine Migration Jon Oberheide University of Michigan February 21,

Exploiting Live Virtual Machine Migration Jon Oberheide University of Michigan February 21, 2008 Black Hat DC - Game Plan Introduction to VM migration Live migration security Exploiting live migration Future attacks and

441 views • 31 slides
Networks: Detection and Countermeasure Issa Khalil, Saurabh Bagchi IEEE Transactions on Mobile

Networks: Detection and Countermeasure Issa Khalil, Saurabh Bagchi IEEE Transactions on Mobile

Stealthy Attacks in Wireless Ad Hoc Networks: Detection and Countermeasure Issa Khalil, Saurabh Bagchi IEEE Transactions on Mobile Computing, 2011 Presented by Yang Chen 1 CS6204 Mobile Computing Khalil-TMC11 Outline Background and

1k views • 43 slides
2018 Investor Presentation Thursday, 17 May 2018 Link Group Investor Presentation 17 May 2018

2018 Investor Presentation Thursday, 17 May 2018 Link Group Investor Presentation 17 May 2018

2018 Investor Presentation Thursday, 17 May 2018 Link Group Investor Presentation 17 May 2018 Link Group 1 Important notice This presentation has been prepared by Link Administration Holdings Limited ( Company ) together with its related

1.08k views • 74 slides
Formal Security Analysis of Smart Embedded Systems Farid Farid Molazem

Formal Security Analysis of Smart Embedded Systems Farid Farid Molazem

Formal Security Analysis of Smart Embedded Systems Farid Farid Molazem Molazem Tabrizi Tabrizi Karthik Pattabiraman Karthik Pattabiraman http://blogs.ubc.ca/karthik/ 1 IoT Systems 2 Security Attacks

224 views • 20 slides
Adversarial Attacks and Defenses in Deep Learning Hang Su suhangss@tsinghua.edu.cn Institute for

Adversarial Attacks and Defenses in Deep Learning Hang Su suhangss@tsinghua.edu.cn Institute for

Adversarial Attacks and Defenses in Deep Learning Hang Su suhangss@tsinghua.edu.cn Institute for Artificial Intelligence Dept. of Computer Science & Technology Tsinghua University 1 Background Artificial intelligence (AI) is a

917 views • 63 slides
A Classification of SQL Injection Attack Techniques and Countermeasures William G.J. Halfond,

A Classification of SQL Injection Attack Techniques and Countermeasures William G.J. Halfond,

A Classification of SQL Injection Attack Techniques and Countermeasures William G.J. Halfond, Jeremy Viegas & Alessandro Orso Georgia Institute of Technology This work was partially supported by DHS contract FA8750-05-2-0214 and NSF award

425 views • 29 slides
September 2014 Investor Presentation Cautionary Statements And Risk Factors That May Affect

September 2014 Investor Presentation Cautionary Statements And Risk Factors That May Affect

September 2014 Investor Presentation Cautionary Statements And Risk Factors That May Affect Future Results Any statements made herein about future operating and/or financial results and/or other future events are forward-looking statements

680 views • 64 slides

More recommend