
1 On the Effect of Router Buffer Sizes on Low-rate Denial of Service Attacks
Sandeep Sarat, Andreas Terzis, Johns Hopkins University

2 Router Buffers
Packets are buffered during congestion epochs. Buffer sizing: the “traditional” rule of thumb versus the [AKM04] result. Notation: B, B’ are buffer sizes; the average round trip time; N the number of flows sharing the link; C the capacity of the link.

3 Consequences
Link utilization is not affected by a smaller buffer size [AKM04]. Question: are denial of service attacks more effective in this setting? Router DoS attack categories: brute force, which floods the link; low-rate, a pulsing attack with a low average rate.

4 Shrew: Low Rate Denial of Service Attack
Idea: keep the buffer full for a sufficiently long time, O(RTT). Result: multiple drops from the same flow. Average attack rate = P*l/T (pulse rate P, pulse length l, period T). T = min{RTO} of the flows (= 1 second).

5 Shrew Attack (Continued)
Low-RTT flows are penalized more heavily. Overall link utilization is reduced. Reference: Low-rate TCP-targeted denial of service attacks (the shrew vs. the mice vs. the elephant), A. Kuzmanovic and E. Knightly, SIGCOMM 2003.

6 Traffic Analysis
Minimum input traffic to keep the buffer full for seconds (formula not reproduced in the transcript). B0 is the instantaneous queue size. Worst case scenario: the link is fully utilized by TCP and other traffic. Total shrew traffic (formula not reproduced in the transcript); the remaining symbol is the fraction of the buffer that is full at the onset of the attack.

7 Traffic Analysis (Contd.)
With a unit increase in m, each shrew needs to increase its mean rate by a fixed amount (formula not reproduced in the transcript). Fair queuing schemes can limit a flow’s average sending rate to O(C/N). As m increases, shrews are forced to increase their sending rate above the C/N threshold.

8 Evaluation
Used ns-2 for verification. Classic dumb-bell topology. RTTs range uniformly between ms [FK02] (bounds not reproduced in the transcript). Buffer size is varied as a multiple of the [AKM04] size (expression not reproduced in the transcript). Use a fairness-enforcing active queue management (AQM) scheme: RED-PD.

9 RED-PD
Use the RED packet drop history to determine malicious flows. Intuition: more drops → higher bandwidth. Configurable target round trip time parameter R. Calculate the average sending rate f of a flow (formula not reproduced in the transcript); P is the ambient loss rate. Protects flows with RTT > R. We experiment with R = 40 ms and R = 120 ms.

10 Low-speed Link
10 Mbps, 20 TCP flows, 1 shrew. P = 10 Mbps, l = 200 ms, T = 1.2 s. Compare utilization with an equivalent CBR flow. Utilization of link: with M = 2 and R = 120 ms, within 91% of the non-shrew scenario.

11 High-speed Link
OC-3 (155 Mbps). 250 flows, 10 shrews (4%). P = 20 Mbps, l = 200 ms, T = 1.2 s. Utilization of link: with M = 5 and R = 120 ms, within 99% of the non-shrew scenario.

12 Shrew Rate Increase
From the analysis: an increase in buffer size → an increase in the shrew's sending rate. The increase is almost linear, as the analysis shows. The shrew rate grows to a considerable proportion of the link capacity: it is no longer low-rate.
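Added worked example (not from the slides): the buffer-sizing argument of slides 7 and 12 as a capacity-planning calculation, finding the smallest multiple m of the [AKM04] buffer at which each shrew's mean rate (P*l/T from slide 4) must exceed the fair share C/N that a fair-queueing AQM such as RED-PD polices. The [AKM04] formula B' = C·RTT/√N, the fluid assumption that the saturated link queues every injected bit, and the 100 ms average RTT are my assumptions; the link, flow and pulse parameters echo slides 10 and 11.

```python
import math

def akm_buffer_bits(capacity_bps, avg_rtt_s, n_flows):
    """Buffer from the [AKM04] rule B' = C * RTT / sqrt(N).
    Assumption: formula taken from the cited paper, not from the slides."""
    return capacity_bps * avg_rtt_s / math.sqrt(n_flows)

def pulse_rate_to_fill(buffer_bits, pulse_len_s, fill_fraction=0.0):
    """Aggregate pulse rate needed to fill a buffer of size B within one pulse.
    Fluid-model assumption (mine, not the slides'): the bottleneck is already
    saturated by TCP, so every injected bit queues, and the shrews must supply
    the empty part (1 - fill_fraction) * B during a pulse of length l."""
    return (1.0 - fill_fraction) * buffer_bits / pulse_len_s

def mean_attack_rate(pulse_rate_bps, pulse_len_s, period_s):
    """Average attack rate P * l / T from slide 4."""
    return pulse_rate_bps * pulse_len_s / period_s

def smallest_defeating_multiplier(capacity_bps, avg_rtt_s, n_flows, pulse_len_s,
                                  period_s, n_shrews=1, fill_fraction=0.0, max_m=50):
    """Smallest integer m such that, with a buffer of m * B', each shrew's mean
    rate exceeds the fair share C / N, i.e. a fair-queueing AQM such as RED-PD
    can no longer mistake it for an ordinary flow. Returns None if no m <= max_m
    suffices."""
    b_prime = akm_buffer_bits(capacity_bps, avg_rtt_s, n_flows)
    fair_share_bps = capacity_bps / n_flows
    for m in range(1, max_m + 1):
        per_shrew_pulse = pulse_rate_to_fill(m * b_prime, pulse_len_s, fill_fraction) / n_shrews
        if mean_attack_rate(per_shrew_pulse, pulse_len_s, period_s) > fair_share_bps:
            return m
    return None

if __name__ == "__main__":
    # Parameters echo slides 10 and 11; the 100 ms average RTT is an assumption
    # (the transcript does not preserve the [FK02] RTT range).
    for label, c, n, shrews in (("10 Mbps link, 20 flows, 1 shrew", 10e6, 20, 1),
                                ("OC-3 link, 250 flows, 10 shrews", 155e6, 250, 10)):
        m = smallest_defeating_multiplier(c, 0.1, n, 0.2, 1.2, shrews)
        b = m * akm_buffer_bits(c, 0.1, n)
        per_shrew_mean = mean_attack_rate(pulse_rate_to_fill(b, 0.2) / shrews, 0.2, 1.2)
        print(f"{label}: m = {m}, each shrew averages "
              f"{100 * per_shrew_mean / c:.1f}% of C (fair share {100 / n:.2f}%)")
```

Because P*l/T with P = m·B'/l collapses to m·B'/T, the required mean rate grows linearly in m, which is the "almost linear increase" of slide 12 under this simplified model.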

13 Summary
A moderate increase in buffer size over the Stanford model renders the shrew ineffective. Shrews need to send faster to fill up the buffer and are no longer low-rate. Caveat: we need an AQM scheme to detect the malicious flow. Question: can we detect it without an AQM scheme?
