We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byMaribel Manders
Modified about 1 year ago
Copyright© Telecom-ISAC Japan. All Rights Reserved. 1 Traceback Research & Experiments Against Source Address Attacks APRICOT2010 Japan Data Communications Association Telecom-ISAC Division Ken Wakasa
Copyright© Telecom-ISAC Japan. All Rights Reserved. 2 Traceback Research project * A research project offered by NICT(*), started 2005 by the Consortium of six parties * Goal of the project is Demonstration Experiment of traceback Research and development ： Experiment preparations ： Investigation / examination / document making Consortium (five other parties) Large Scale Demonstration Experiment (*) NICT stands for National Institute of Information and Communications Technology. (CY) JADAC Demonstration Experiment
Copyright© Telecom-ISAC Japan. All Rights Reserved. 3 Schedule Large Scale Demonstration Experiment Demonstration Experiment Trial Test Closed Environment ISP Environment Research Center Development Environment ISP Surveys Legal Requirements Simulation 2005 IEEE PacRim IEEE CCNC IEEE WAIS APRICOT 2010
Copyright© Telecom-ISAC Japan. All Rights Reserved. 4 Three fundamental issues greatly influence one another. Legal issue Operational issue Technical issue Privacy of Communications
Copyright© Telecom-ISAC Japan. All Rights Reserved. 5 Measures of Satisfy Requirements
Copyright© Telecom-ISAC Japan. All Rights Reserved. 6 Traceback Platform outline ISP Network System Layer ISP Network Traceback Probes Control Facility between ISPs Management System
Copyright© Telecom-ISAC Japan. All Rights Reserved. 7 Traceback System outline ISP(a) ISP(b) ISP(c) IDS TB-DB TB Controller Prove Real attack TB Control Facility Incident Attack from spoofed IP addresses 3. Detect the real attack path After an incident be recognized, TB- Operator analyze TB-DB by attack packet’s HASH, and detect the real attack path. 2. Store suspicious information. Whenever IDS notify suspicious attacks, TB controller calculates the attack packet’s HASH, and automatically recursive analyze its AS map with neighbor AS’s TB manager, and store it to TB-DB. 1. Store HASH data temporary. Each probe convert packet to HASH, and store own cache automatically.
Copyright© Telecom-ISAC Japan. All Rights Reserved. 8 A Scenario for the Simulated attack experiments Attacker ISP Victim ISP Attacker Victim Traceback Control Facility 1 Simulated attacks with source IP spoofed 2 Request the ISP to respond Data Base 3 Confirm the automatic trace 4 Request the traceback control facility Identify the attacker ISP 5 6 Request the ISP 7 Take measures Internet
Copyright© Telecom-ISAC Japan. All Rights Reserved. 9 Evaluation of Equipment Adoption rates and Tracing Success Rates Best Deployment Scenario –First introduce to small/mid-size ASs rather than starting with larger-scale ASs. Result of a simulation with.JP domain model –Twelve small-/middle-scale ASs 21.75% –1 st ranked AS 58.35% –Eighteen small-/middle-scale ASs and 2 nd ranked AS 70.74%
Copyright© Telecom-ISAC Japan. All Rights Reserved. 10 Large Scale Demonstration Experiments With Fifteen ISPs and Three research centers From Apr to Sep in Measurement System Performance 2. Simulated Attack Outcomes a) DDoS simulated attack b) Multiple simultaneous DDoS simulated attacks c) DDoS simulated attack conducted without detailed prior information d) DDoS simulated attack among two traceback systems e) DDoS simulated attack experiments conducted while system performance was reduced and problems introduced f) DNS reflection simulated attack 3. Real Attacks Good Not good Good Not good
Copyright© Telecom-ISAC Japan. All Rights Reserved. 11 Measurement of System Performance Measured the traceback processing time –Pattern one Connected to one another. Request to all ISPs. Less than 1.0 second. –Pattern two Connected in series. Request only to the next ISP. Average 3.0 seconds, the worst 4.0 second. Most suitable value of hash table refresh time is 4.0 second.
Copyright© Telecom-ISAC Japan. All Rights Reserved. 12 Measurement of System Performance
Copyright© Telecom-ISAC Japan. All Rights Reserved. 13 Future issues to widespread adoption Experiment preparations Demonstration Experiment 5 key factors completing the operational model Scenario for demonstration experiments (Simulated attacks) Issues from first experiments with five ISPs Issues from second experiments with fifteen ISPs Survey to ISPs Future issues to be addressed to enable widespread adoption 1.Traceback operational processes should be designed to adapt to the real world. 2.Traceback success rates should be more than 50%. 3.Hash data should be calculated by standard ISP network equipment. 4.Traceback software and operations must be highly secure. We need next traceback project to resolve and validate these issues.
Copyright© Telecom-ISAC Japan. All Rights Reserved. 14 Any Questions ? Please send me any questions by .
1 A trial of IP Traceback System in Interop Tokyo 2008 Hiroaki Hazeyama Nara Institute of Science and Tech.
1 Systems Engineering A Way of Thinking A Way of Doing Business Enabling Organized Transition from Need to Product August 1997 Systems Engineering Technical.
Common types of online attacks Dr.Talal Alkharobi.
Copyright 2011 John Wiley & Sons, Inc Business Data Communications and Networking 11th Edition Jerry Fitzgerald and Alan Dennis John Wiley & Sons, Inc.
1 CHAPTER 9 INFORMATION SECURITY Management Information Systems, 9 th edition, By Raymond McLeod, Jr. and George P. Schell © 2004, Prentice Hall, Inc.
Understanding m-commerce payment systems through the analytic hierarchy process Yuntsai Chou*, Chiwei Lee, Jianru Chung 1.
GENI Distributed Services Preliminary Requirements and Design Tom Anderson and Amin Vahdat (co-chairs) David Andersen, Mic Bowman, Frans Kaashoek, Arvind.
Distributed Computing Dr. Eng. Ahmed Moustafa Elmahalawy Computer Science and Engineering Department.
Security Threats and Protection Mechanisms. Learning Objectives Internet security issues (intellectual property rights, client, communication channels,
Introduction to CDIO: Key Features & Components Dennis Sale Senior Education Advisor Singapore Polytechnic.
Competency Approach to Human Resource Management.
DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.
1 Grand Challenges in Achieving Dynamic Spectrum Access Preston Marshall Defense Advanced Research Projects Agency Advanced.
Chapter - 5 Understanding Requirements Unit II. Introduction Definition : “The broad spectrum of tasks and techniques that lead to an understanding of.
Toward Innovative Model based Enterprise IT Outsourcing NGEBIS Workshop at CAISE 2013 Vinay Kulkarni and Sagar Sunkle.
Using UML, Patterns, and Java Object-Oriented Software Engineering Chapter 4, Requirements Elicitation.
Communication Systems An Overview Paul Norman Communication and Information Systems Modelling.
Version 4.1 CCNA Discovery 2– Chapter 7. Contents 7.1: ISP Services : TCP / IP Protocols 7.2: 7.3: DNS 7.3: 7.4: Application Layer Protocols 7.4.
Silberschatz, Galvin and Gagne ©2010 Operating System Concepts Essentials – 8 th Edition Chapter 16: Windows 7.
MyPower Pricing Pilot Final Findings myPower Pricing Pilot Segments Final Evaluation Report Presentation at National Town Meeting on Demand Response Washington,
Presented By : Vibhuti Dhiman. Outline : 1.Paper Abstract 2. Introduction 3.Design and Implementation 3.1 Event Propagation 3.2 HyperFlow Controller Application.
Microsoft and Community Tour 2011 – Infrastrutture in evoluzione Planning, Deploying and Managing a Microsoft VDI Infrastructure Level Advanced.
Vance Wilson, Ph.D. James Connolly, Ph.D. © 2009, E. Vance Wilson - All Rights Reserved The SALVO Method for User Interface Development Hosted by Sal.
… because good research needs good data KeepIt #5: University of Northampton, 30 March 2010 Funded by: This work is licensed under the Creative Commons.
CDFI Loan Policies and Procedures Portfolio Management Series Webinar Developed and delivered by.
ICPSR and the Data Seal of Approval Mary Vardigan Assistant Director, ICPSR December 10, 2012.
McGraw-Hill/IrwinCopyright © 2011 by The McGraw-Hill Companies, Inc. All Rights Reserved. fundamentals of Human Resource Management 4 th edition by R.A.
Chapter 10 Implementing Electronic Commerce Security Gary Schneider, 2003.
UNIT I FUNDAMENTAL OF E-COMMERCE 1.1INTRODUCTION TO E-COMMERCE 1.2 DRIVING FORCES OF E-COMMERCE 1.3 BENEFITS AND LIMITATIONS OF E-COMMERCE 1.4 DATA MINING.
MAPP Process & Outcome Evaluation. Good Evaluation… Is not an afterthought or something that is done only if there is extra money. Measures progress and.
© 2016 SlidePlayer.com Inc. All rights reserved.