Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 1 Traceback Research & Experiments Against Source Address Attacks APRICOT2010 Japan Data Communications.

Published byMaribel Manders Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 1 Traceback Research & Experiments Against Source Address Attacks APRICOT2010 Japan Data Communications."— Presentation transcript:

1 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 1 Traceback Research & Experiments Against Source Address Attacks APRICOT2010 Japan Data Communications Association Telecom-ISAC Division Ken Wakasa

2 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 2 Traceback Research project * A research project offered by NICT(*), started 2005 by the Consortium of six parties * Goal of the project is Demonstration Experiment of traceback 2005 20062007 2008 2009 Research and development : Experiment preparations : Investigation / examination / document making Consortium (five other parties) Large Scale Demonstration Experiment (*) NICT stands for National Institute of Information and Communications Technology. (CY) JADAC Demonstration Experiment

3 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 3 Schedule Large Scale Demonstration Experiment Demonstration Experiment Trial Test Closed Environment ISP Environment Research Center Development Environment ISP Surveys Legal Requirements Simulation 2005 IEEE PacRim IEEE CCNC IEEE WAIS APRICOT 2010

4 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 4 Three fundamental issues greatly influence one another. Legal issue Operational issue Technical issue Privacy of Communications

5 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 5 Measures of Satisfy Requirements

6 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 6 Traceback Platform outline ISP Network System Layer ISP Network Traceback Probes Control Facility between ISPs Management System

7 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 7 Traceback System outline ISP(a) ISP(b) ISP(c) IDS TB-DB TB Controller Prove Real attack TB Control Facility Incident Attack from spoofed IP addresses 3. Detect the real attack path After an incident be recognized, TB- Operator analyze TB-DB by attack packet’s HASH, and detect the real attack path. 2. Store suspicious information. Whenever IDS notify suspicious attacks, TB controller calculates the attack packet’s HASH, and automatically recursive analyze its AS map with neighbor AS’s TB manager, and store it to TB-DB. 1. Store HASH data temporary. Each probe convert packet to HASH, and store own cache automatically.

8 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 8 A Scenario for the Simulated attack experiments Attacker ISP Victim ISP Attacker Victim Traceback Control Facility 1 Simulated attacks with source IP spoofed 2 Request the ISP to respond Data Base 3 Confirm the automatic trace 4 Request the traceback control facility Identify the attacker ISP 5 6 Request the ISP 7 Take measures Internet

9 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 9 Evaluation of Equipment Adoption rates and Tracing Success Rates Best Deployment Scenario –First introduce to small/mid-size ASs rather than starting with larger-scale ASs. Result of a simulation with.JP domain model –Twelve small-/middle-scale ASs 21.75% –1 st ranked AS 58.35% –Eighteen small-/middle-scale ASs and 2 nd ranked AS 70.74%

10 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 10 Large Scale Demonstration Experiments With Fifteen ISPs and Three research centers From Apr to Sep in 2009 1. Measurement System Performance 2. Simulated Attack Outcomes a) DDoS simulated attack b) Multiple simultaneous DDoS simulated attacks c) DDoS simulated attack conducted without detailed prior information d) DDoS simulated attack among two traceback systems e) DDoS simulated attack experiments conducted while system performance was reduced and problems introduced f) DNS reflection simulated attack 3. Real Attacks Good Not good Good Not good

11 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 11 Measurement of System Performance Measured the traceback processing time –Pattern one Connected to one another. Request to all ISPs. Less than 1.0 second. –Pattern two Connected in series. Request only to the next ISP. Average 3.0 seconds, the worst 4.0 second. Most suitable value of hash table refresh time is 4.0 second.

12 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 12 Measurement of System Performance

13 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 13 Future issues to widespread adoption Experiment preparations Demonstration Experiment 5 key factors completing the operational model Scenario for demonstration experiments (Simulated attacks) Issues from first experiments with five ISPs Issues from second experiments with fifteen ISPs Survey to ISPs 2005 2009 2010 Future issues to be addressed to enable widespread adoption 1.Traceback operational processes should be designed to adapt to the real world. 2.Traceback success rates should be more than 50%. 3.Hash data should be calculated by standard ISP network equipment. 4.Traceback software and operations must be highly secure. We need next traceback project to resolve and validate these issues.

14 Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 14 Any Questions ? Please send me any questions by e-mail. secretariat@telecom-isac.jp

Download ppt "Copyright©2004-2009 Telecom-ISAC Japan. All Rights Reserved. 1 Traceback Research & Experiments Against Source Address Attacks APRICOT2010 Japan Data Communications."

Similar presentations

1 A trial of IP Traceback System in Interop Tokyo 2008 Hiroaki Hazeyama Nara Institute of Science and Tech.

1 A trial of IP Traceback System in Interop Tokyo 2008 Hiroaki Hazeyama Nara Institute of Science and Tech.
HotNets-VI 1 Architecting Citywide Ubiquitous Wi-Fi Access Nishanth Sastry Jon Crowcroft, Karen Sollins.

HotNets-VI 1 Architecting Citywide Ubiquitous Wi-Fi Access Nishanth Sastry Jon Crowcroft, Karen Sollins.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
SCADA Security, DNS Phishing

SCADA Security, DNS Phishing
A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.

A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.
IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.

IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
1 June 2015 Validating Inter-Domain SLAs with a Programmable Traffic Control System Elisa Boschi

1 June 2015 Validating Inter-Domain SLAs with a Programmable Traffic Control System Elisa Boschi
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.

IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.

8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.

Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Spring 2006.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.

Similar presentations

Ads by Google