Presentation is loading. Please wait.

Presentation is loading. Please wait.

Countering Large-Scale Internet Pollution and Poisoning Aleksandar Kuzmanovic Northwestern University

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Countering Large-Scale Internet Pollution and Poisoning Aleksandar Kuzmanovic Northwestern University"— Presentation transcript:

1 Countering Large-Scale Internet Pollution and Poisoning Aleksandar Kuzmanovic Northwestern University http://www.cs.northwestern.edu/~akuzma/

2 Aleksandar Kuzmanovic 2 Problem and Approach (general) Denial of service (DoS) attacks in the Internet –Serious problem –Becoming more and more sophisticated Approach I –Search for new classes of DoS attacks and system vulnerabilities It is interesting; it makes sense; it is relevant; Approach II –Exploit asymmetric costs Small efforts by defenders will require attackers to multiply the amount of resources (e.g., bandwidth, time, precision) Raise the bar high enough to make the attacks hard (vs. impossible) to conduct

3 Aleksandar Kuzmanovic 3 Pollution in P2P File Sharing Systems Music industry vs. p2p networks Our work: –Denial-of-Service Resilience in Peer-to-Peer File Sharing Systems In Proceedings of ACM SIGMETRICS 2005. Insight –Despite highly replicated content and a decentralized system design, pollution attacks can be highly effective Is it feasible to conduct similar type of attacks in the Internet at a large scale?

4 Aleksandar Kuzmanovic 4 Large-Scale TCP Poisoning Attacks Attack scenario –“Sniff and shoot” –Extremely easy to desynchronize TCP endpoints a single packet needed (e.g., low rate attacks)

5 Aleksandar Kuzmanovic

6

7

8 8 Large-Scale TCP Poisoning Attacks (II) Our Approach –No explicit security association between endpoints –Protocol design Raise the bar “high enough” to exploit asymmetric costs Solution-specific details –Deferred protocol reaction –Forward hashing –Self-clocking correlation method Kernel-level implementation in FreeBSD

9 Aleksandar Kuzmanovic 9 Fact: –Majority of requests for Web, p2p, and DNS are served from caches Pollution Attacks against Internet Caches

10 Aleksandar Kuzmanovic 10 Pollution Attack Scenarios (I) Attacking a web cache Attacking an ISP cache

11 Aleksandar Kuzmanovic 11 Pollution Attack Scenarios (II) ① ② ③ ④ ⑤ ⑥ ⑦ ⑧ Pollution attack against a local DNS server

12 Aleksandar Kuzmanovic 12 Pollution Attack Classes (I) ….... Locality-disruption attacks Cache ….... Cache Before attackAfter attack Popular files New unpopular files

13 Aleksandar Kuzmanovic 13 Pollution Attack Classes (II) ….... False locality attacks Cache ….... Cache Before attackAfter attack Popular files Bogus popular files

14 Aleksandar Kuzmanovic 14 Our Solution Design goals –High accuracy and scalability Approach –Streaming computation techniques, i.e., Bloom filters Squid-based implementation Squid AE Daemon AEI Spawn Signal Triggered Module File Detection Module (Main part) Auxiliary part of Detection Module A pair of pipes

15 Aleksandar Kuzmanovic 15 Summary Actively searching (and developing solutions) for new types of DoS attacks Pollution and poisoning –P2p networks, TCP, Internet caches Solutions –Exploit asymmetric costs between defenders and attackers –Prototype implementations

Download ppt "Countering Large-Scale Internet Pollution and Poisoning Aleksandar Kuzmanovic Northwestern University"

Similar presentations

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.

Jason Li Jeremy Fowers. Background Information Wireless sensor network characteristics General sensor network security mechanisms DoS attacks and defenses.
Ph.D. Thesis Presentation Aleksandar Kuzmanovic Edge-based Inference, Control, and DoS Resilience for the Internet.

Ph.D. Thesis Presentation Aleksandar Kuzmanovic Edge-based Inference, Control, and DoS Resilience for the Internet.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.

1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
Networking Problems in Cloud Computing Projects. 2 Kickass: Implementation PROJECT 1.

Networking Problems in Cloud Computing Projects. 2 Kickass: Implementation PROJECT 1.
Clayton Sullivan PEER-TO-PEER NETWORKS. INTRODUCTION What is a Peer-To-Peer Network A Peer Application Overlay Network Network Architecture and System.

Clayton Sullivan PEER-TO-PEER NETWORKS. INTRODUCTION What is a Peer-To-Peer Network A Peer Application Overlay Network Network Architecture and System.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
1 Reading Log Files. 2 Segment Format

1 Reading Log Files. 2 Segment Format
Computer Science Generating Streaming Access Workload for Performance Evaluation Shudong Jin 3nd Year Ph.D. Student (Advisor: Azer Bestavros)

Computer Science Generating Streaming Access Workload for Performance Evaluation Shudong Jin 3nd Year Ph.D. Student (Advisor: Azer Bestavros)
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Ao-Jan Su and Aleksandar Kuzmanovic Department of EECS Northwestern University Thinning Akamai USENIX/ACM SIGCOMM IMC ’08.

Ao-Jan Su and Aleksandar Kuzmanovic Department of EECS Northwestern University Thinning Akamai USENIX/ACM SIGCOMM IMC ’08.
Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.

Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
The Power of Explicit Congestion Notification Aleksandar Kuzmanovic Northwestern University

The Power of Explicit Congestion Notification Aleksandar Kuzmanovic Northwestern University
IP Spoofing, CS2651 IP Spoofing Bao Ho ToanTai Vu CS 265 - Security Engineering Spring 2003 San Jose State University.

IP Spoofing, CS2651 IP Spoofing Bao Ho ToanTai Vu CS Security Engineering Spring 2003 San Jose State University.
1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)

1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)
A Poisoning-Resilient TCP Stack Amit Mondal Aleksandar Kuzmanovic Northwestern University

A Poisoning-Resilient TCP Stack Amit Mondal Aleksandar Kuzmanovic Northwestern University
Aleksandar Kuzmanovic & Edward W. Knightly A Performance vs. Trust Perspective in the Design of End-Point Congestion Control Protocols.

Aleksandar Kuzmanovic & Edward W. Knightly A Performance vs. Trust Perspective in the Design of End-Point Congestion Control Protocols.
EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC-681/781 Distributed Computing Systems Lecture 3 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.

Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.

Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.

Similar presentations

Ads by Google