Presentation is loading. Please wait.

Presentation is loading. Please wait.

KEYNOTE OF THE FUTURE 3: DAVID BECKETT CSIT PhD Student QUEEN’S UNIVERSITY BELFAST.

Published byOscar Jennings Modified over 7 years ago

Similar presentations

Presentation on theme: "KEYNOTE OF THE FUTURE 3: DAVID BECKETT CSIT PhD Student QUEEN’S UNIVERSITY BELFAST."— Presentation transcript:

1 KEYNOTE OF THE FUTURE 3: DAVID BECKETT CSIT PhD Student QUEEN’S UNIVERSITY BELFAST

2 @CSIT_QUB Detection, Mitigation and Prevention of Emerging Application Layer DDoS Attacks David Beckett, PhD Student 20/03/2015

3 Overview of Distributed Denial of Service (DDoS) Emerging Application Layer Attacks State of the art Detection and Mitigation methods Future Plans DDoS - Distributed Denial of Service

4 Distributed Denial of Service (DDoS) Attack An attempt to make a network or server unavailable to its intended users DDoS - Distributed Denial of Service

5 2008 2009 2010 2014 2007 DDoS Attacks 2010

6 Types of Attacks Infrastructure Layer (3,4) Application Layer (7) Bandwidth CPU Conns CPU Mem Sessions

7 DDoS attack types observed by Arbor Networks (2014)

8 Why will application layer attacks become popular? Content Delivery Networks -Cache static content -Global network with large infrastructure Content Delivery Networks -Cache static content -Global network with large infrastructure Infrastructure Layer (3,4) Application Layer (7) Dynamic Application Layer Attack L3/L4 DDoS Bypass CDN protection Lower bandwidth required Difficult to detect Bypass CDN protection Lower bandwidth required Difficult to detect Firewall Protection -SYN Cookies -Signature rules for fragmented packets Firewall Protection -SYN Cookies -Signature rules for fragmented packets CDN absorbs the attack

9 HTTP GET – Attacker profiles the website and requests resources with large computation loads. HTTP POST - Slow Post Attack, Sends 1000 byte form post, 1 byte every 110 seconds. SSL Attack - Creates many SSL connections, the server has a larger workload than the client. Layer 7 Request Floods CPU Sessions CPU Mem Sessions Emerging Application Layer Attacks

10 State of the Art Detection Methods User Behavior Resource Popularity Page transitions using Hidden Markov Model Layer 7 Timing Statistics Compare page size vs browsing time GET/POST request frequencies Hidden Decoy Links Home Item Basket Pay 3s 9s 4s

11 State of the Art Mitigation Methods User Puzzles – CAPTCHAs Cryptographic Puzzles Network Puzzles Cloud Computing

12 Targeted Detection Approach Resource Monitoring CPU Usage Memory Usage Session Usage Anomaly Detection Anomaly Detection

13 Targeted Mitigation Approach Use of Software Defined Infrastructure (SDI) to Re-route suspicious traffic to decoy servers Minimise damage Further analysis Scale server resources

14 Identify attackers by their affect not their behaviour Light weight Detect low rate attacks Can detect zero day attacks Future Plans Creation of attack classifier Further development of test bed Summary and Future Plan

Download ppt "KEYNOTE OF THE FUTURE 3: DAVID BECKETT CSIT PhD Student QUEEN’S UNIVERSITY BELFAST."

Similar presentations

REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.

REFLEX INTRUSION PREVENTION SYSTEM.. OVERVIEW The Reflex Interceptor appliance is an enterprise- level Network Intrusion Prevention System. It is designed.
Denial of Service Attack History What is a Denial of Service Attack? Modes of Attack Performing a Denial of Service Attack Distributed Denial of Service.

Denial of Service Attack History What is a Denial of Service Attack? Modes of Attack Performing a Denial of Service Attack Distributed Denial of Service.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Check Point DDoS Protector June 2012.

©2012 Check Point Software Technologies Ltd. [PROTECTED] — All rights reserved. Check Point DDoS Protector June 2012.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Anomaly Based Intrusion Detection System

Anomaly Based Intrusion Detection System
Security (Continued) V.T. Raja, Ph.D., Oregon State University.

Security (Continued) V.T. Raja, Ph.D., Oregon State University.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
19 Historical overview Main challenge: How to distribute content in high quality over the Internet cost-effectively? • Traditional “Best-effort” model:

19 Historical overview Main challenge: How to distribute content in high quality over the Internet cost-effectively? • Traditional “Best-effort” model:
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric (07016080)

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.

Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Similar presentations

Ads by Google