optical aware ddos defense
play

Optical-Aware DDoS Defense Matt Hall, Ramakrishnan Durairajan, - PowerPoint PPT Presentation

Aug 23, 2023 •304 likes •405 views

Optical-Aware DDoS Defense Matt Hall, Ramakrishnan Durairajan, Guyue (Grace) Liu, Vyas Sekar DDoS Attacks A persistent threat on the global Internet Working from home new online tools for collaboration New tools new attack

  1. Optical-Aware DDoS Defense Matt Hall, Ramakrishnan Durairajan, Guyue (Grace) Liu, Vyas Sekar

  2. DDoS Attacks • A persistent threat on the global Internet • Working from home  new online tools for collaboration • New tools  new attack vectors • 2019 Q4 largest attack was 200 Gbps (https://www.nexusguard.com/threat-report-q4-2019) • Attacks are numerous in variety: • Direct, Transit-Link, DNS-Amplification, SYN-Flooding, etc.

  3. DDoS Defenses • Defense has been an infrastructure problem • Add packet filters, cloud scrubbing facilities, middle-boxes, etc. • Infrastructure solutions lead to attacker/defender arms races • Stronger attacks  more scrubbers  stronger attacks  …

  4. Routing Around Congestion (RAC) • Smith et al. proposed routing around congestion at S&P 2018. • Relies on BGP route poisoning to recover traffic from a critical AS • Tran et al. show this defense is infeasible at S&P 2019. • Trade off between path availability and isolation • New detour-learning attacks

  5. My Research: Optical-Aware RAC • Deploy RAC defense at the optical layer • Physically separate suspicious/trusted traffic • Remove the trade-off from BGP-poisoning RAC defense.

  6. Benefits of • Better performance for trusted traffic Optical Aware • Scrubbers can handle larger attacks RAC

  7. System Architecture • Integrating optical systems with other network control and automation systems is complex but not infeasible • In fact, it is necessary for defending against future attacks of growing scale • Open Network Operating System (ONOS) is a system that can be used to achieve this goal • Optical-Aware DDoS defense can be implemented as an ONOS application

  8. Lab • Two servers host a set of VMs Evaluation • VMs use the optical network with four links (Work in • ONSET dynamically switches trusted traffic to an isolated link progress) during an attack.

  9. Future work Collect data from lab Simulate optical-aware RAC evaluation for larger topologies 1) Possibly use CAIDA’s AS graph 1) Throughput for trusted traffic 2) Internet Topology Zoo, or Internet Atlas graphs. 2) Switching time

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent the access to a computer system to it's legitimate users. DDoS: DoS attack on the network using a lot of different source IP Why:

327 views • 16 slides
A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter

A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter

A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter Reiher Manu Shantharam & David Hadka What is DoS? DoS A type of attack wherein access to computer resource / service is denied or

380 views • 18 slides
DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek

DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek

DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek Supervisor: Stavros Konstantaras (AMS-IX) SNE: Research Project II 03-07-2018 Introduction D istributed D enial o f S ervice DDoS attacks on banks in

720 views • 33 slides
Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense

Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense

Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense Prevention DOS/DDoS Types Vulnerability attack Flooding attack DoS vs DDoS DoS: Attack is launched from single host Less

614 views • 26 slides
DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks DDoS Prevention Improving Performance Questions Glossary DDoS - Attempt to make a server or network resource unavailable to Internet

549 views • 30 slides
DDoS Defense by Defense by DDoS Offense Offense Published in ACM SIGCOMM06 Presented By:

DDoS Defense by Defense by DDoS Offense Offense Published in ACM SIGCOMM06 Presented By:

DDoS Defense by Defense by DDoS Offense Offense Published in ACM SIGCOMM06 Presented By: Marwa K. Elteir Outline Outline Problem definition Problem definition Related Work Related Work Speak Speak- -up up Model Model

458 views • 9 slides
Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster synergy among stakeholders to promote advancement in DDoS defense knowledge. Independent academic R&D division of Nexusguard building next

764 views • 44 slides
Practical Verifiable In-network Filtering for DDoS Defense Deli Gong, Muoi Tran , Shweta Shinde,

Practical Verifiable In-network Filtering for DDoS Defense Deli Gong, Muoi Tran , Shweta Shinde,

Practical Verifiable In-network Filtering for DDoS Defense Deli Gong, Muoi Tran , Shweta Shinde, Hao Jin, Vyas Sekar, Prateek Saxena, Min Suk Kang July 8, 2019 | Dallas, TX Large-scale volumetric DDoS attacks are common (distributed denial of

569 views • 29 slides
CDN on Demand Affordable DDoS Defense using Untrusted IaaS-Clouds Yossi Gilad, Michael Goberman,

CDN on Demand Affordable DDoS Defense using Untrusted IaaS-Clouds Yossi Gilad, Michael Goberman,

CDN on Demand Affordable DDoS Defense using Untrusted IaaS-Clouds Yossi Gilad, Michael Goberman, Amir Herzberg and Michael Sudkovitch Talk Outline Content Delivery Networks as DoS defense The CDN-on-Demand system Clientless

529 views • 22 slides
Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks A. Furfaro,

Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks A. Furfaro,

Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks A. Furfaro, P. Pace, A. Parise, L. Molina Valdiviezo Universit` a della Calabria D.I.M.E.S 87036 Rende(CS) - Italy Email: a.furfaro@unical.it A. Furfaro

510 views • 18 slides
.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS A)ack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos A)acks Few Qmes

150 views • 13 slides
.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS Attack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos Attacks Few

606 views • 14 slides
DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

1 DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology of work DDoS tactics in-the-wild and how to improve Ready, set, FACEPALM! Q&A ~$ whoami 3 Moshe Zioni, Head of Research,

656 views • 47 slides
Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future Internet SS14-WS14/15 Lehrstuhl

Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future Internet SS14-WS14/15 Lehrstuhl

Lehrstuhl Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future Internet SS14-WS14/15 Lehrstuhl Netzarchitekturen und Netzdienste Fakultt

622 views • 29 slides
Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim to DDoS mitigation service SOS "I am getting DoSd" 2 DDoS Transport Choice SOS : Requirements Emergency signal.

247 views • 5 slides
Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense

Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense

Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense e Quan Jia, Huangxin Wang, Dan Fleck, Fei Li, Angelos Stavrou, Walter Powell Presented by Surya Mani Content u Motivation u Related Work u

262 views • 23 slides
DDoS flooding attack detection throug h a step-by-step investigation

DDoS flooding attack detection throug h a step-by-step investigation

DDoS flooding attack detection throug h a step-by-step investigation

209 views • 17 slides
Proposals to fix the edge Ca thenetwork Compute Storage Why How How connect to nearest edge

Proposals to fix the edge Ca thenetwork Compute Storage Why How How connect to nearest edge

More Security Start oith Denial of Service CDN Last class Authentication vs Authorization SYN flood why does it work How fixed DDos was it What Proposals to fix the edge Ca thenetwork Compute Storage Why How How connect to nearest edge

58 views • 4 slides
Addressing Shortcomings of Existing DDoS Protection Software Using Software-Defined Networking

Addressing Shortcomings of Existing DDoS Protection Software Using Software-Defined Networking

Addressing Shortcomings of Existing DDoS Protection Software Using Software-Defined Networking SSP 2018, Hildesheim Lukas Ifflnder , Stefan Geissler, Jrgen Walter, Lukas Beierlieb, Samuel Kounev 08.11.2018

677 views • 46 slides
This time Digging into Networking Protocols With a particular focus on TCP details, a t t a c

This time Digging into Networking Protocols With a particular focus on TCP details, a t t a c

This time Digging into Networking Protocols With a particular focus on TCP details, a t t a c k s, and defenses Layer 3: (Inter)network layer Bridges multiple subnets to provide end-to-end internet connectivity between nodes 7

1.59k views • 134 slides
Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data.

632 views • 32 slides
Towards a Vecsigrafo Portable Semantics in Knowledge-based Text Analytics Ronald Denaux &

Towards a Vecsigrafo Portable Semantics in Knowledge-based Text Analytics Ronald Denaux &

Towards a Vecsigrafo Portable Semantics in Knowledge-based Text Analytics Ronald Denaux & Jos Manuel Gmez Prez HSSUES Oct. 21st, 2017 The Cognitive Chasm How can humans and AI interact with and understand each other? Is this

471 views • 17 slides
Cryptography Markus Kuhn Computer Laboratory, University of Cambridge

Cryptography Markus Kuhn Computer Laboratory, University of Cambridge

Cryptography Markus Kuhn Computer Laboratory, University of Cambridge https://www.cl.cam.ac.uk/teaching/1819/Crypto/ These notes are merely provided as an aid for following the lectures. They are no substitute for attending the course. Lent

1.26k views • 108 slides
Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography

Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography

Related textbooks Main reference: Security II: Cryptography Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography Chapman & Hall/CRC, 2nd ed., 2014 Further reading: Markus Kuhn Christof Paar, Jan Pelzl: Understanding

794 views • 27 slides

More recommend