DDoS Defense: Utilizing P2P architecture By Joshua Aslan Smith.

Overview
● Anatomy of a DDoS attack
● Example DDoS attack
● Cost of DDoS attacks
● Current State of DDoS defense
● Proposed System
● Financial Analysis

Anatomy of a DDoS Attack
● DDoS = Distributed Denial of Service
● Goal of attack: Deny legitimate users access

Anatomy of a DDoS Attack
● Attacker can be anyone: hacktivist, business competitor, military or script kiddie.
● Botnets can be rented for 9 dollars an hour or 70 dollars a day.
● Freeware applications allow anyone to participate in or launch an attack.

Anatomy of a DDoS attack

Example of a DDoS Attack
● SYN floods rely on the trusting nature of the SYN → SYN-ACK → ACK handshake.
● A malicious attacker sends SYN requests, but does not send ACK after getting SYN-ACK.
● System resources are tied up by malicious requests, leaving none for legitimate users.
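
A toy model of the resource exhaustion this slide describes, added here as an example and not part of the original presentation. The queue size, timeout and packet records are constructed assumptions; it shows a legitimate SYN being refused while unanswered handshakes hold every slot, and accepted again once those entries time out.

```python
# Constructed packet records as seen by the server: (time_s, src_ip, src_port, flag).
PACKETS = [
    (0.0, "198.51.100.7", 40000, "SYN"), (0.1, "198.51.100.7", 40000, "ACK"),
    (1.0, "203.0.113.10", 5000, "SYN"), (1.1, "203.0.113.11", 5001, "SYN"),
    (1.2, "203.0.113.12", 5002, "SYN"), (1.3, "203.0.113.13", 5003, "SYN"),
    (2.0, "198.51.100.8", 40001, "SYN"),   # legitimate client, queue already full
    (40.0, "198.51.100.8", 40001, "SYN"), (40.1, "198.51.100.8", 40001, "ACK"),
]


class SynBacklog:
    """Toy half-open connection queue; size and timeout are assumed values."""

    def __init__(self, size=4, timeout=30.0):
        self.size, self.timeout = size, timeout
        self.pending = {}      # (ip, port) -> arrival time of the unanswered SYN
        self.established = 0
        self.refused = []      # SYNs turned away because the queue was full

    def handle(self, ts, ip, port, flag):
        # Expire entries whose final ACK never arrived within the timeout.
        self.pending = {k: t for k, t in self.pending.items()
                        if ts - t < self.timeout}
        key = (ip, port)
        if flag == "SYN":
            if len(self.pending) >= self.size:
                self.refused.append(key)
            else:
                self.pending[key] = ts   # SYN-ACK sent, slot held until ACK
        elif flag == "ACK" and key in self.pending:
            del self.pending[key]        # handshake complete, slot released
            self.established += 1


def replay(packets, **kwargs):
    """Feed packet records through a fresh backlog and return it."""
    backlog = SynBacklog(**kwargs)
    for record in packets:
        backlog.handle(*record)
    return backlog
```

The count of pending entries against completed handshakes, and the refused list, are the signals a defender would watch; the timeout and queue size are the tunable limits.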

Cost of DDoS Attacks 2012 Survey on costs of DDoS Attacks.

Current State of DDoS Defense
● Based on victim network.
● Largely autonomous.
● Passive Defenses: Firewalls and Protocol filtering.
● Reactive Defenses: Rate-Limiting, Filtering

Proposed System
● P2P architecture based.
● Wide deployment (edge networks and intermediate networks).
● Incorporate pattern and anomaly detection into system and share information between peers and regional databases.
● Utilize Pushback to actively stop DDoS attack streams.

Proposed System
● Pushback: A node sends out a message identifying the malicious packets to any nodes 1 hop away that are delivering the packets.
● Those nodes start dropping the packets and also send out a message advising the nodes in the next hop to do the same.
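
The hop-by-hop propagation described on this slide, as an added example that is not part of the original presentation. The topology, node names, signature labels and the `adopters` set are constructed assumptions; the second run removes one intermediate network from the adopters to show how far the message gets when a hop does not take part.

```python
from collections import deque

# Constructed topology: the router path each flow takes to reach the victim.
# "gw" is assumed to be the victim network's gateway, where detection happens.
FLOWS = [
    {"sig": "attack", "path": ["bot1", "edgeA", "core1", "gw", "victim"]},
    {"sig": "attack", "path": ["bot2", "edgeB", "core2", "gw", "victim"]},
    {"sig": "legit", "path": ["user", "edgeC", "core2", "gw", "victim"]},
]
ROUTERS = {"edgeA", "edgeB", "edgeC", "core1", "core2", "gw"}


def upstream_senders(node, sig, flows):
    """Neighbours one hop upstream of node that deliver packets matching sig."""
    senders = set()
    for flow in flows:
        path = flow["path"]
        if flow["sig"] == sig and node in path[1:]:
            senders.add(path[path.index(node) - 1])
    return senders


def pushback(start, sig, flows, adopters):
    """Return {node: hops from start} for every node that starts dropping sig."""
    dropping, seen, queue = {}, {start}, deque([(start, 0)])
    while queue:
        node, hops = queue.popleft()
        for up in upstream_senders(node, sig, flows) - seen:
            seen.add(up)
            if up not in adopters:
                continue  # message ignored: propagation ends on this branch
            dropping[up] = hops + 1
            queue.append((up, hops + 1))
    return dropping


def drop_point(flow, sig, dropping):
    """First node on the flow's path that discards it, or None if no upstream node does."""
    if flow["sig"] != sig:
        return None
    return next((n for n in flow["path"] if n in dropping), None)


full = pushback("gw", "attack", FLOWS, ROUTERS)
partial = pushback("gw", "attack", FLOWS, ROUTERS - {"core1"})
```

With every router adopting, both attack flows are dropped at their edge networks; without `core1`, `edgeA` never receives the message even though it supports pushback, so that flow is only filtered at `gw`.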

Limitations
● Would require very wide adoption for both the pushback mechanism and the sharing of anomaly and pattern detection data to be successful.
● Adoption by intermediate networks may not happen as there is little incentive for them to do so.
● Source networks are even less likely to adopt, limiting pushback capability.

Financial Analysis
● Cyber Security: 63 billion dollars in 2011, with a projected CAGR of 11.3% between 2012 and 2017.
● Increase in ease of attacks means attacks are more likely to occur and security against DDoS attacks needs to be invested in.
● Attacks can cost up to 4.5 billion on average and result in a loss of 3.7% of customers.

Questions?