Tracing Cyber Attacks Areej Al-Bataineh

1 Tracing Cyber Attacks Areej Al-Bataineh
11/19/2018 Tracing Cyber Attacks

2 Tracing cyber attacks from the practical perspective
Zhiqiang Gao and Nirwan Ansari, IEEE Communications Magazine, May 2005

3 Outline
- Introduction
- IP Traceback Objective
- Classification of IP Traceback Schemes
- Evaluation of Representative Schemes
- Conclusion
- Future Work

4 Introduction
- Denial of service (DoS/DDoS) attacks
  - Disrupt legitimate access
  - Cost victims financial and productivity loss
- Why are they easy to conduct?
  - Prevalence of attack tools
  - Stateless nature of the Internet
- Address spoofing (anonymous attacks)
  - Gain illegitimate access
  - Hide the attack source

5 Intrusion Countermeasure
- Prevention: source-, network- or victim-based
- Detection
- Mitigation: rate limiting / statistical / path-based
- Response: IP traceback

6 IP Traceback Objective
- Locate the actual source of attack packets
- Difficult because of:
  - Source address spoofing
  - Many attack sources (DDoS)
  - Hosts in a stepping-stone chain
  - Reflectors
  - Zombies

7 Objectives
- Grasp a global view
  - Classify traceback schemes
  - Select typical schemes
  - Focus on practicality
- Foundation for developing efficient and effective schemes

8 Classification

9 Evaluation Metrics Based on Practicality
- Minimum number of packets required for path reconstruction: the fewer the better
- Computational overhead: a good design minimizes it
- Effectiveness under partial deployment: deployment implies more cost
- Robustness: the ability to perform tracing reliably under adverse conditions

10 Representative Schemes
- Probabilistic Packet Marking (PPM), Savage et al. (2001)
- ICMP traceback (iTrace), Bellovin (2000)
- Source Path Isolation Engine (SPIE), Snoeren et al. (2002)
- Algebraic-based Traceback Approach (ATA), Dean et al. (2002)
- Deterministic Packet Marking (DPM), Belenky and Ansari (2003)
- Overlay-based solution (Center-Track), Stone (2000)

11 Basic PPM

12 PPM Variants: edge sampling with probability p(1-p)^(d-i)

13 PPM Variants: net result in (c) and final result in (d)

14 Analysis of PPM
Pros:
- Low router overhead
- Support for incremental deployment
- "Post-mortem" tracing
Cons (numbered; later slides refer to them as problems 1 to 5):
1. Heavy computational load for path reconstruction
2. High false positives
3. Spoofed marking
4. Path length (d) is not known in advance
5. Subverted routers
Overall: good for DoS, not for large-scale DDoS
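To make slides 11 to 14 concrete, the following simulation (added here, not code from the presentation or from the papers it cites) runs PPM edge sampling as described by Savage et al. on a single attack path and then reconstructs the path at the victim. It assumes routers are numbered 1 (next to the attacker) to d (next to the victim), so router i's mark survives with probability p(1-p)^(d-i); the expected-packet bound and the router names R1..R8 are assumptions for the example.

```python
import math
import random

def mark_probability(p, d, i):
    """Chance the victim sees router i's edge sample, routers numbered 1 (next to
    the attacker) .. d (next to the victim): i marks with probability p and none
    of the d-i routers downstream of it overwrites the mark."""
    return p * (1 - p) ** (d - i)

def expected_packets(p, d):
    """Bound on the expected packets needed to see every edge of a d-hop path
    (assumed here from Savage et al.); note it needs d, which the victim lacks."""
    return math.log(d) / (p * (1 - p) ** (d - 1))

def forward_packet(path, p, rng):
    """Push one unmarked packet through `path` (attacker side first). A router
    starts a fresh edge sample with probability p; otherwise it records itself
    as the edge's end if distance is still 0, and increments distance."""
    start, end, dist = None, None, 0     # attacker sends unmarked packets (assumed)
    for router in path:
        if rng.random() < p:
            start, end, dist = router, None, 0
        else:
            if dist == 0:
                end = router
            dist += 1
    return start, end, dist

def reconstruct_path(samples):
    """Victim side: sample (start, end, dist) means `start` is dist+1 hops away
    and `end` is its next hop toward the victim (None = the victim). Chain the
    samples outward; stop at the first distance with no unique continuation."""
    by_dist = {}
    for start, end, dist in samples:
        if start is not None:            # never-marked packets carry no edge
            by_dist.setdefault(dist, set()).add((start, end))
    path, node, dist = [], None, 0
    while dist in by_dist:
        nxt = [s for s, e in by_dist[dist] if e == node]
        if len(nxt) != 1:
            break
        node = nxt[0]
        path.append(node)
        dist += 1
    return path[::-1]                    # attacker-side router first

def simulate(path, p, n_packets, seed=0):
    """Send n_packets along `path`; return the path the victim reconstructs."""
    rng = random.Random(seed)
    return reconstruct_path(forward_packet(path, p, rng) for _ in range(n_packets))
```

With p = 0.04 on an 8-hop path the bound is about 69 packets, and the chaining on the `end` field is what lets the victim reject samples that do not connect to an already-known hop.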

15 Development and Solutions
- Advanced and Authenticated PPM, proposed by Song et al. (2001)
  - The victim knows the map of upstream routers
  - Solves problems 1, 2 and 3
- PPM with Non-Preemptive Compensation, proposed by Tseng et al. (2004)
  - Uses counters to compensate for the loss of marking information from upstream routers
  - May address 1 and 3, and decrease false positives (2)

16 Development and Solutions
- Problem 4: not easy to resolve in the IP layer; d is known at the AS level
- Problem 5: more difficult to resolve
  - To solve it, the marking information embedded by upstream routers would have to be verified
  - No scheme has this feature yet!

17 Basic DPM

18 Analysis of DPM
Pros:
- Effectively handles DoS attacks
- Path construction is simpler
Cons:
- High false positives for DDoS attacks
- Cannot identify the ingress router if the attacker uses a different source IP address for each packet
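The following simulation (added here; not the presentation's or the authors' code) shows basic DPM as on slides 17 and 18: the ingress edge router writes one randomly chosen 16-bit half of its own address plus a 1-bit flag into every packet, and the victim pairs the halves per source address. The addresses are constructed documentation values, and the second run shows the listed con: when every packet carries a different source address, no two halves can be paired.

```python
import random

def split_address(ip):
    """Split a dotted-quad router address into its two 16-bit halves."""
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 8) | b, (c << 8) | d

def ingress_mark(packet, router_ip, rng):
    """Ingress edge router: mark every packet (deterministic) with one half of its
    own address in the 16-bit ID field and a 1-bit flag saying which half."""
    flag = rng.randrange(2)              # halves are sent with equal probability
    return dict(packet, mark_id=split_address(router_ip)[flag], mark_flag=flag)

def victim_recover(packets):
    """Victim: group marks by the packets' source address and pair the two halves
    seen for each source. Returns {src: ingress_router_ip or None}."""
    halves = {}
    for pkt in packets:
        halves.setdefault(pkt["src"], {})[pkt["mark_flag"]] = pkt["mark_id"]
    recovered = {}
    for src, h in halves.items():
        if 0 in h and 1 in h:
            recovered[src] = "%d.%d.%d.%d" % (h[0] >> 8, h[0] & 0xFF,
                                              h[1] >> 8, h[1] & 0xFF)
        else:
            recovered[src] = None        # only one half seen: cannot pair
    return recovered

def simulate(src_addresses, router_ip, n_packets, seed=1):
    """Send n_packets cycling through src_addresses via one ingress router
    (constructed traffic for the example)."""
    rng = random.Random(seed)
    packets = [ingress_mark({"src": src_addresses[i % len(src_addresses)]},
                            router_ip, rng) for i in range(n_packets)]
    return victim_recover(packets)
```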

19 Development and Solutions
- Tracing Multiple Attackers with DPM, proposed by Belenky and Ansari (2003)
  - Uses a hash function to carry the identity of the ingress edge router
  - The victim uses this identity to combine packets from the same source
  - Better than PPM: far fewer false positives
  - Handles reflector-based DDoS
  - Subverted routers problem (5)

20 iTrace

21 Analysis of iTrace
- Marking procedure similar to PPM; shares its pros and cons
- Differences:
  - Requires additional bandwidth
  - More marking bits can be used (problems 1 and 2 solved)
  - Requires far fewer ICMP messages than PPM for path reconstruction

22 Comparison of ICMP and PPM

23 Development and Solutions
- Intention-Driven ICMP traceback, proposed by Mankin et al. (2001)
  - Adds some intelligence to the marking procedure
  - Path reconstruction is gleaned quickly
  - Solves problems 1 and 2
  - Problem 3 may be addressed using PKI, but that increases overhead at routers
  - Further work on problems 4 and 5 is needed

24 Basic SPIE

25 Analysis of SPIE
Deterministic logging scheme
Pros:
- Supports advanced functions like single-packet tracing and transformed-packet tracing (wireless)
Cons:
- Requires additional infrastructure
- Incurs very heavy computational, management and storage overhead
- Not scalable
- Limited applicability

26 Development and Solutions
- Large-scale IP traceback, proposed by Li et al. (2004)
  - Logging scheme based on sampling
  - Constructs the attack tree by correlating samples
  - Scales well to 5000 attack sources

27 Basic Center-Track

28 Analysis of Center-Track
Pros:
- Handles DDoS
Cons:
- Enforces a heavy management burden on the network
- Wears out network resources (bandwidth, processing capability) due to tunnel maintenance
- Not scalable
- Limited applicability

29 Development and Solutions
- Secure Overlay Service (SOS)
  - A related defensive method; proactive approach
  - Employs intensive filtering and anonymity
  - Effectively mitigates DDoS attacks
  - No false positives
  - Low chance of compromised routers

30 Conclusion/Future Work
- IP traceback technology is only the first step toward tackling DoS/DDoS attacks
- Trade-offs of an ideal tracing scheme
- Future work:
  - Identify indirect sources of DDoS
  - Identify attackers who use stepping stones
  - Integrate IDS with traceback
  - Automatic traceback
  - Scalability

31 Future Work
- Identify indirect sources of DDoS
- Identify attackers who use stepping stones
- Integrate IDS with traceback
- Automatic traceback
- Scalability

32 Questions?

