Presentation is loading. Please wait.

Presentation is loading. Please wait.

Inferring Internet Denial-of- Service Activity David Moore, Geoffrey M Voelker, Stefan Savage Presented by Yuemin Yu – CS290F – Winter 2005.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Inferring Internet Denial-of- Service Activity David Moore, Geoffrey M Voelker, Stefan Savage Presented by Yuemin Yu – CS290F – Winter 2005."— Presentation transcript:

1 Inferring Internet Denial-of- Service Activity David Moore, Geoffrey M Voelker, Stefan Savage Presented by Yuemin Yu – CS290F – Winter 2005

2 Outline Motivation Attack types Backscatter analysis Results Conclusion

3 Motivation “How to prevalent are DOS attacks today on the internet?” Nature of the current treats Longer term analyses of trends and recurring patterns of attacks Publish quantitative data about attacks

4 Attack Types Logic attacks  Exploit software vulnerabilities  Software patches Flooding attacks  Distributed DoS  Spoof source IP address randomly  Exhaust system resources

5 Backscatter Attacker uses randomly selected source IP address Victim reply to spoofed source IP Results in unsolicited response from victim to third party IP addresses

6 Backscatter

7 Backscatter Analysis m attack packets sent n distinct IP address monitored Expectation of observing an attack: R’ Actual rate of attack: R extrapolated attack rate

8 Analysis Assumptions Address uniformity  Spoof at random  Uniformly distributed Reliable delivery  Attack and backscatter traffic delivered reliably Backscatter hypothesis  Unsolicited packets observed represent backscatter

9 Attack classifications Flow-based  Based on target IP address and protocol  Fixed time frame (Within 5mins of most recent packet) Event-based  Based on target IP address only  Fixed time frame

10 Data collection /8 network 2^24 IP 1/256 of internet address space

11 Data collections Collect data extract following information  TCP flags  ICMP payload  Address uniformity  Port settings  DNS information  Routing information

12 Response/Used Protocols

13 Rate of attack

14 Victims by ports

15 Attack Duration Cumulative - Probability Cumulative probability density

16 Top level domain

17 Victims by Hostnames

18 Autonomous System

19 Repeated Attacks

20 Conclusion Observed 12,000 attacks against more than 5,000 distinct targets. Distributed over many different domains and ISP Small # long attacks with large % of attack volume An unexpected amount of attacks targeting home, foreign, specific ISP

21 Thanks Questions?

Download ppt "Inferring Internet Denial-of- Service Activity David Moore, Geoffrey M Voelker, Stefan Savage Presented by Yuemin Yu – CS290F – Winter 2005."

Similar presentations

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.

Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
Inferring Internet Denial-of- Service Activity David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, and Stefan Savage Presented by Qian.

Inferring Internet Denial-of- Service Activity David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, and Stefan Savage Presented by Qian.
Use of Measurements in Anomaly Detection CS 8803: Network Measurements Seminar Instructor: Constantinos Dovrolis Fall 2003 Presenter: Buğra Gedik.

Use of Measurements in Anomaly Detection CS 8803: Network Measurements Seminar Instructor: Constantinos Dovrolis Fall 2003 Presenter: Buğra Gedik.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Inferring Internet Denial-of- Service Activity David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, Stefan Savage Presented by Thangam.

Inferring Internet Denial-of- Service Activity David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, Stefan Savage Presented by Thangam.
A Framework for Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann and Christos Papadopoulos presented by Nahur Fonseca NRG, June, 22.

A Framework for Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann and Christos Papadopoulos presented by Nahur Fonseca NRG, June, 22.
Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing Base on RFC 2827 Lector Kirill Motul.

Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing Base on RFC 2827 Lector Kirill Motul.
Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.

Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric (07016080)

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
Statistical based IDS background introduction. Statistical IDS background Why do we do this project Attack introduction IDS architecture Data description.

Statistical based IDS background introduction. Statistical IDS background Why do we do this project Attack introduction IDS architecture Data description.
Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.

Measurement and Diagnosis of Address Misconfigured P2P traffic Zhichun Li, Anup Goyal, Yan Chen and Aleksandar Kuzmanovic Lab for Internet and Security.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 7: Denial-of-Service Attacks.
Practical Network Support for IP Traceback Internet Systems and Technologies - Monitoring.

Practical Network Support for IP Traceback Internet Systems and Technologies - Monitoring.
10/21/20031 Framework For Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann, Christos Papadopoulos Kavita Chada & Viji Avali CSCE 790.

10/21/20031 Framework For Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann, Christos Papadopoulos Kavita Chada & Viji Avali CSCE 790.
Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.

Vocabulary URL = uniform resource locator: web address protocol –set of rules that networked computers follow in order to share data and coordinate communications.
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
Design and Implementation of SIP-aware DDoS Attack Detection System.

Design and Implementation of SIP-aware DDoS Attack Detection System.

Similar presentations

Ads by Google