October 31st, 2003, ACM SSRS'03. Tolerating Denial-of-Service Attacks Using Overlay Networks – Impact of Topology. Ju Wang 1, Linyuan Lu 2 and Andrew A. Chien.

Presentation transcript:

Tolerating Denial-of-Service Attacks Using Overlay Networks – Impact of Topology
Ju Wang (1), Linyuan Lu (2) and Andrew A. Chien (1)
(1) CSE Department, UCSD; (2) Math Department, UCSD

Outline
- Background
- System Model
- Analytical Results
- Summary & Future Work

Motivation
- DoS attacks compromise important websites
  - “Code Red” worm attack on Whitehouse website
  - Yahoo, Amazon, eBay
- DoS is a critical security problem
  - Global corporations lost over $1.39 trillion (2000)
  - 60% due to viruses and DoS attacks
  - FBI reports DoS attacks are on the rise
- => DoS is an important problem

Denial-of-Service Attacks
- Attackers prevent legitimate users from receiving service
  - Application level (large workload)
  - Infrastructure level (traffic flood) – requires IP address
[Figure: Legitimate User, Internet, Service Infrastructure, Application Service]

Use Overlay Network to Resist Infrastructure DoS Attack
- Applications hide behind proxy network (location-hiding)  this talk
- Proxy network DoS-resilient – shielding applications
  - Need to tolerate massive proxy failures due to DoS attacks
  - Addressed in on-going research
[Figure: Legitimate User, Internet, Overlay Network, App, attackers ("where?")]

Proxy Network Topology & Location Hiding
- Proxy node: software component run on a host
- Proxy nodes are adjacent iff their IP addresses are mutually known
- Compromising one reveals IP addresses of adjacent nodes
- Topology = structure of node adjacency  how hard to penetrate, effectiveness of location-hiding
[Figure: Overlay Network; nodes A and B, adjacent]

Problem Statement
- Focus on location-hiding problem
- Impact of topology on location-hiding
  - Good or robust topologies: hard to penetrate and defenders can easily defeat attackers
  - Bad or vulnerable topologies: attackers can quickly propagate and remain inside the proxy network
[Figure: Robust (favorable) and Vulnerable (unfavorable) topologies]

Attack: Compromise and Expose
- Attackers: steal location information using host compromise attacks
- A proxy node is:
  - Compromised: attackers can see all its neighbors’ IP addresses
  - Exposed: its IP address is known to attackers
  - Intact: otherwise
[Figure: Overlay Network with intact, exposed and compromised nodes; "Compromised!!"]

Defense: Recover and Reconfigure
- Resource recovery: compromised  exposed/intact
  - Proactive (periodic clean system reload)
  - Reactive (IDS triggered system cleaning)
- Proxy network reconfiguration: exposed/compromised  intact
  - Proxy migration – move proxy to a different host
[Figure: Overlay Network with intact, exposed and compromised nodes; "Recovered!", "Move to new location!"]

Defense: Recover and Reconfigure
- Resource recovery + proxy network reconfiguration
  - Exposed  Intact (at certain probability  )
  - Compromised  Intact (at certain probability  )
[Figure: Overlay Network with intact, exposed and compromised nodes; "Move to new location!"]

Analytical Model
- Model M(G, , ,  )
  - G: topology graph of the proxy network
  -  : speed of attack (at prob , exp  com)
  -  : speed of defense (at prob , com  intact)
  -  : speed of defense (at prob , exp  intact)
- Nodes adjacent to a compromised node are exposed
[Figure: state diagram with intact, exposed and compromised states]

Theorem I (Robust Topologies)
- Average degree  1 of G is smaller than the ratio of speed between defenders and attackers:  (  +  )/  >  1
- Even if many nodes are initially compromised, attackers’ impact can be quickly removed in O(logN) steps
  - Defenders are quick enough to suppress attackers’ propagation
- Low average degrees are favorable
[Figure labels: bad, good]

Theorem II (Vulnerable Topologies)
- Neighborhood expansion property  of G is larger than the ratio of speed between defenders and attackers:  >  /  
- Even if only one node is initially exposed, attackers’ impact quickly propagates and will linger forever
- Applies to all sub-graphs
- Large clusters (tightly connected sub-graphs) are unfavorable
  - Hard to beat attackers inside the cluster
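An added example, not taken from the slides: a small Monte Carlo simulation of the intact/exposed/compromised model from the Analytical Model slide, contrasting the two theorem regimes (a low-degree ring with fast defense versus a tightly connected clique with slow defense). The parameter names (attack, recover, migrate), the probabilities, the network size and the synchronous round order are assumptions chosen for illustration.

```python
import random

def ring(n):      # low average degree: each proxy knows two neighbours
    return {i: {(i - 1) % n, (i + 1) % n} for i in range(n)}

def clique(n):    # tightly connected cluster: each proxy knows all others
    return {i: set(range(n)) - {i} for i in range(n)}

def step(graph, state, attack, recover, migrate, rng):
    """One synchronous round over states I (intact), E (exposed), C (compromised)."""
    nxt = dict(state)
    for node, s in state.items():
        if s == "C":      # resource recovery: compromised -> intact
            nxt[node] = "I" if rng.random() < recover else "C"
        elif s == "E":    # attack: exposed -> compromised, else migration -> intact
            if rng.random() < attack:
                nxt[node] = "C"
            else:
                nxt[node] = "I" if rng.random() < migrate else "E"
    # A compromised proxy reveals the IP addresses of its adjacent proxies.
    for node in [v for v, s in nxt.items() if s == "C"]:
        for nb in graph[node]:
            if nxt[nb] == "I":
                nxt[nb] = "E"
    return nxt

def rounds_to_clean(graph, state, attack, recover, migrate, seed, limit=200):
    """Rounds until every proxy is intact, or None if attackers still linger."""
    rng = random.Random(seed)
    for t in range(limit):
        if all(s == "I" for s in state.values()):
            return t
        state = step(graph, state, attack, recover, migrate, rng)
    return None

def experiment(trials=20, n=40):
    """Constructed scenarios; probabilities are illustrative, not from the slides."""
    # Ring, fast defense: start with half the proxies compromised, the rest exposed.
    bad_start = {i: "C" if i % 2 == 0 else "E" for i in range(n)}
    robust = [rounds_to_clean(ring(n), bad_start, 0.1, 0.9, 0.9, s)
              for s in range(trials)]
    # Clique, slow defense: start with a single exposed proxy.
    one_exposed = {i: "E" if i == 0 else "I" for i in range(n)}
    vulnerable = [rounds_to_clean(clique(n), one_exposed, 0.5, 0.1, 0.1, s)
                  for s in range(trials)]
    return robust, vulnerable

if __name__ == "__main__":
    print(experiment())
```

The first list holds the number of rounds each ring trial needed to return to an all-intact state; in the second, None marks clique trials where compromised proxies were still present after 200 rounds.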

Case Study: existing overlays
- K-D CAN: k-dimensional Cartesian space torus
- RR-k: random regular graph, degree = k
- N-Chord: N node Chord

Related Work
- Secure Overlay Services (SOS) [Keromytis02]
  - Use Chord to provide anonymity to hide location of secret “servlets”
- Internet Indirection Infrastructure (i3) [Stoica02]
  - Uses Chord for location-hiding
- Didn’t analyze how secure their location-hiding schemes are
  - We showed that Chord is not a favorable topology
- Our previous work [Wang03]
  - Studied feasibility of location-hiding using proxy networks
  - Assumed favorable topology; focused on impact of defensive mechanisms, such as resource recovery and proxy reconfiguration
- This work focuses on impact of topology

Summary & Future Work
- Summary
  - Studied impact of topology on location-hiding and presented two theorems to characterize robust and vulnerable topologies
  - Derived design principles on proxy networks for location-hiding
  - Found popular overlays (such as Chord) not favorable
- Future Work
  - Impact of correlated host vulnerabilities ( ,  and  non-constant)
  - Design proxy networks to tolerate massive failures due to DoS attacks
  - Performance implications and resource requirement for proxy networks

References
[Wang03] J. Wang and A. A. Chien, “Using Overlay Networks to Resist Denial-of-Service Attacks”, Technical report, CSE UCSD,
[Keromytis02] A. D. Keromytis, V. Misra, and D. Rubenstein, “SOS: Secure Overlay Services”, In ACM SIGCOMM’02, Pittsburgh, PA,
[Stoica02] I. Stoica, D. Adkins, S. Zhuang, S. Shenker, and S. Surana, “Internet Indirection Infrastructure”, In SIGCOMM, Pittsburgh, Pennsylvania USA, 2002.