
1 An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial Engineering Seok Bong Jeong

2 Communication Systems and Internet Security Laboratory
Contents
I. Introduction
II. Placement of Distributed Detection Systems
   Objectives for DDS placement
   DS placement problem
III. Numerical Results
IV. Conclusions

3 I. Introduction (1)
▣ The Internet infrastructure is highly vulnerable to distributed attacks (DDoS attacks and flash crowds)
▣ DDoS attacks
◈ DDoS attacks do not rely on particular network protocols or system weaknesses.
◈ DDoS attacks simply exploit the huge resource asymmetry between the Internet and the victim.
▣ Flash crowds
◈ FCs occur when a large number of users try to access the same server simultaneously.
◈ FCs overload the network links, routers, and the server itself.
[Figure: DDoS Attacks, showing attacker, masters (handlers), agents (daemon or zombies), victim]

4 I. Introduction (2)
▣ Several approaches to defend against distributed attacks
◈ EMERALD, GrIDS, JAM, JiNao, AAFID
▣ Challenging tasks in designing an effective and deployable DDS
◈ A variety of algorithmic and engineering design issues
◈ What is the minimum number of DSs required?
◈ Optimal placement of DSs
▣ Objectives of this paper
◈ We focus on the placement problem of DSs across large scale networks for distributed intrusion detection approaches.
◈ Minimize the overall number of DSs
◈ Limit the possible nodes that can participate in an attack

5 II. Objectives for DDS placement
▣ Assumption
◈ All attack traffic passing through sensor nodes that perform DS is detected
◈ Routing follows the shortest path between two nodes
◈ DSs are placed in nodes 3, 4, and 7
▣ Possible attack nodes to node i, A(i)
◈ A(1) = {node 2}
◈ A(5) = {node 0, node 6, node 8, node 9}
◈ Node 1 is more robust than node 5

6 II. Objectives for DDS placement
▣ DDS placement issues
◈ It is impossible to implement DSs in all nodes in a network
◈ Most distributed attacks (e.g. DDoS attack) become critical threats when a great number of nodes (e.g. servers or hosts) participate in an attack
◈ Thus, if we place DDSs across the network in a well distributed manner, the impact of attacks can be sufficiently localized and minimized and can thus be ignored.
▣ Key Objectives of placing DSs
◈ Minimize the total number of the DSs
◈ Minimize the number of nodes that could send the attack packets to any other nodes that are separated by more than the given number of hops without passing through sensors
◈ Find the optimal placement of the DSs
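The set A(i) from slide 5 and the "more than the given number of hops" count from slide 6 can be computed directly from a topology and a DS placement. The following is an added example, not code from the presentation: the 10-node topology is constructed (the slide's figure is not reproduced here) so that DSs at nodes 3, 4 and 7 give the stated A(1) and A(5), and the function names are hypothetical. It assumes that a DS node detects its own and all incoming traffic, and that when several shortest paths exist a source counts as possible if any one of them avoids every DS.

```python
from collections import deque

# Constructed 10-node topology (not the slide's figure), chosen so that the
# slide's stated A(1) and A(5) come out for DSs at nodes 3, 4 and 7.
EDGES = [(1, 2), (1, 3), (3, 5), (5, 6), (5, 0),
         (6, 8), (0, 9), (8, 4), (9, 7), (4, 7)]
DS_NODES = {3, 4, 7}

def build_graph(edges):
    graph = {}
    for u, v in edges:
        graph.setdefault(u, set()).add(v)
        graph.setdefault(v, set()).add(u)
    return graph

def hop_distances(graph, target):
    """Hop count from every node to target (plain BFS)."""
    dist = {target: 0}
    queue = deque([target])
    while queue:
        u = queue.popleft()
        for v in graph[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist

def possible_attack_nodes(graph, ds_nodes, target):
    """Return (A(target), hop distances); A holds the nodes that have a
    shortest path to target on which no DS sits."""
    dist = hop_distances(graph, target)
    reached, queue = set(), deque([target])
    while queue and target not in ds_nodes:  # a DS at the target sees everything
        u = queue.popleft()
        for v in graph[u]:
            # walk outward along shortest-path edges only, stopping at DS nodes
            if dist[v] == dist[u] + 1 and v not in ds_nodes and v not in reached:
                reached.add(v)
                queue.append(v)
    return reached, dist

def undetected_beyond(graph, ds_nodes, target, r):
    """Number of nodes in A(target) that are more than r hops from target."""
    sources, dist = possible_attack_nodes(graph, ds_nodes, target)
    return sum(1 for s in sources if dist[s] > r)

def worst_case(graph, ds_nodes, r):
    """Largest undetected-beyond-r count over all possible victim nodes."""
    return max(undetected_beyond(graph, ds_nodes, i, r) for i in graph)

GRAPH = build_graph(EDGES)
```

Comparing `worst_case(GRAPH, DS_NODES, r)` with `worst_case(GRAPH, set(), r)` shows how much a candidate placement localizes attack sources for a given hop limit r.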

7 III. DS placement problem (DSPP) – (1)
▣ Notations
◈ G = (V, E) : an undirected graph representing Internet topology
– Each node in V can be interpreted as a router or an autonomous system
◈ T : a subset of nodes where intrusion detection is performed
◈ : the coverage ratio.
◈ : be the localization factor
◈ : the number of nodes that are more than hops apart from node and can send attack packets to node without passing through DSs.
– :every attack can be localized to within a small set of candidate nodes with a distance of less than r hops from node
–. :all attack packets destined to node i are detected because all traffic destined to node i must pass through at least one DS
◈ (DSPP1)

8 III. DS placement problem (DSPP) – (2)
▣ Notations
◈ : be the decision variable, which is 1 if node i performs DS and 0 otherwise
◈ : be the subset of, which is composed of the edges that connect the nodes that perform DS.
◈ : the distance between node i and j
◈ : if the distance between node i and j is more than r, and 0 elsewhere in G`
▣ DSPP2 where

9 III. DS placement problem (DSPP) – (3)
▣ Set packing problem
◈ is a packing with respect to if for all.
◈ Each packing is composed of nodes that are not DS nodes
◈ The maximum value of for all nodes in a packing should be less than r
◈ is the decision variable, which is 1 if the index j of is included in the set packing F, and 0 otherwise
◈ Let be the coefficient, which is 1 if the node i is included in, and 0 otherwise.
▣ (DSPP3)

10 III. DS placement problem (DSPP) – (4)

11 V. Numerical Results (1)

12 V. Numerical Results (2)
[Figure panels: (a), (b), (c)]

13 Conclusions
▣ We have presented a DS placement approach for detecting distributed attacks.
▣ Perfect detection is difficult to achieve in the Internet environment while maintaining sparse coverage. However, this is mitigated by the fact that attack traffic that can escape the DS can be localized within r hops.
▣ Our scheme reduces the total number of DSs while localizing attack candidate sources

