Optical-Aware DDoS Defense Matt Hall, Ramakrishnan Durairajan, - - PowerPoint PPT Presentation



SLIDE 1

Optical-Aware DDoS Defense

Matt Hall, Ramakrishnan Durairajan, Guyue (Grace) Liu, Vyas Sekar

SLIDE 2

DDoS Attacks

  • A persistent threat on the global Internet
  • Working from home → new online tools for collaboration
  • New tools → new attack vectors
  • 2019 Q4 largest attack was 200 Gbps (https://www.nexusguard.com/threat-report-q4-2019)
  • Attacks are numerous in variety:
  • Direct, Transit-Link, DNS-Amplification, SYN-Flooding, etc.
SLIDE 3

DDoS Defenses

  • Defense has been an infrastructure problem
  • Add packet filters, cloud scrubbing facilities, middle-boxes, etc.
  • Infrastructure solutions lead to attacker/defender arms races
  • Stronger attacks → more scrubbers → stronger attacks → …
SLIDE 4

Routing Around Congestion (RAC)

  • Smith et al. proposed routing around congestion at S&P 2018.
  • Relies on BGP route poisoning to recover traffic from a critical AS
  • Tran et al. show this defense is infeasible at S&P 2019.
  • Trade off between path availability and isolation
  • New detour-learning attacks
SLIDE 5

My Research: Optical-Aware RAC

  • Deploy RAC defense at the optical layer
  • Physically separate suspicious/trusted traffic
  • Remove the trade-off from BGP-poisoning RAC defense.

SLIDE 6

Benefits of Optical Aware RAC

  • Better performance for trusted traffic
  • Scrubbers can handle larger attacks
SLIDE 7

System Architecture

  • Integrating optical systems with other network control and automation systems is complex but not infeasible
  • In fact, it is necessary for defending against future attacks of growing scale
  • Open Network Operating System (ONOS) is a system that can be used to achieve this goal
  • Optical-Aware DDoS defense can be implemented as an ONOS application

SLIDE 8

Lab Evaluation (Work in progress)

  • Two servers host a set of VMs
  • VMs use the optical network with four links
  • ONSET dynamically switches trusted traffic to an isolated link during an attack.

SLIDE 9

Future work

Collect data from lab evaluation

1) Throughput for trusted traffic
2) Switching time

Simulate optical-aware RAC for larger topologies

1) Possibly use CAIDA’s AS graph
2) Internet Topology Zoo, or Internet Atlas graphs.