Presentation is loading. Please wait.

Presentation is loading. Please wait.

Autonomous Anti-DDoS Network V2.0 (A2D2-2) Sarah Jelinek University Of Colorado, Colo. Spgs. Spring Semester 2003, CS691 Project.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Autonomous Anti-DDoS Network V2.0 (A2D2-2) Sarah Jelinek University Of Colorado, Colo. Spgs. Spring Semester 2003, CS691 Project."— Presentation transcript:

1 Autonomous Anti-DDoS Network V2.0 (A2D2-2) Sarah Jelinek University Of Colorado, Colo. Spgs. sarah.jelinek@sun.com Spring Semester 2003, CS691 Project

2 Project Goals Ultimate goal of project –To make DDoS technology more robust Relationship to other projects –Enhancements of existing A2D2 architecture to incorporate IDIP and Alternate Proxy Servers High-level timing goals –Research and new architecture, now –Project completion planned for 9/03

3 Description - A2D2 Developed by Angela Cearns, UCCS Masters Thesis DDoS Intrusion Detection and Response Uses freeware as main detection component Modifications made to affect better response FOR MORE INFO... http://cs.uccs.edu/~chow/pub/master/acearns/doc/angThesis- final.pdf

4 A2D2, cont..

5 Strengths –Uses open source components –Portable –Configurable Weaknesses –Host Based –Local Network response –No attempt made to actively trace intruder –Possible bottleneck at firewall –Static thresholds

6 A2D2-2 Technology New technology being used –Intrusion Detection and Isolation Protocol (IDIP) –Alternate Proxy Servers Standards being adopted –IDIP Will work with other IDIP enabled Intrusion Detection Networks –Service Location Protocol (SLP) Allows discovery of registered IDIP Nodes

7 A2D2-2 What It Solves Host Based –Now a dynamic, network wide solution Will work with other IDIP enabled Intrusion Detection Networks utilizing CITRA Active Tracing of Intruder –SLP is used to discover other network IDIP services

8 A2D2-2 What It Solves, cont.. Local Response –SLP used for location of alternate proxy servers for more global response Firewall Bottleneck –Response Coordination Centralized

9 A2D2-2 & IDIP IDIP –Developed by Boeing and NAI Labs –Supports real-time tracking and containment of DDoS attacks –Three layers: Application Layer Message Layer Discovery Coordinator

10 A2D2-2 - Discovery Coordinator IDIP Discovery Coordinator –Bulk of the work done here –Network wide response coordinator –Will notify clients and client dns of alternate routes available –Standardized language used for messages and topology (CISL) –Local attack response still active if down

11 IDIP Nodes FOR MORE INFO... http://zen.ece.ohiou.edu/~inbounds/DOCS/reldocs/IDIP_Architecture.doc

12 A2D2-2 Proposed Architecture

13 Alternate Routes FOR MORE INFO... http://cs.uccs.edu/%7Echow/research/security/uccsSecurityResearch.ppt

14 Alternate Routes, cont..

15 A2D2-2 & SLP -> Alternate Routes DNS1... A2D2-2 Network IDS AAAAAAAA net-a.comnet-b.comnet-c.com DNS2 DNS3... RRR R IDIP Node A2D2-2 IDIP DC SLP Discovery and communication Proxy1 IDIP Node Proxy2 IDIP Node Proxy3 IDIP Node R2 R1 R3 Block and traceback Attack msgs blocked by IDS New route via Proxy3 to R3 Local IDS Response

16 A2D2-2 Futures IDIP Redundant/Cooperative Discovery Coordinators Discovery Coordinator Response Optimization Enhancements Updates To Snort Secure DNS (already started?)

Download ppt "Autonomous Anti-DDoS Network V2.0 (A2D2-2) Sarah Jelinek University Of Colorado, Colo. Spgs. Spring Semester 2003, CS691 Project."

Similar presentations

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Self-Managing Anycast Routing for DNS

Self-Managing Anycast Routing for DNS
Josh Alcorn Larry Brachfeld An in depth review of ad hoc mobile network & cloud security concerns.

Josh Alcorn Larry Brachfeld An in depth review of ad hoc mobile network & cloud security concerns.
Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.

Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.
Extensible Networking Platform 1 1 - IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood

Extensible Networking Platform IWAN 2005 Extensible Network Configuration and Communication Framework Todd Sproull and John Lockwood
Agent Caching in APHIDS CPSC 527 Computer Communication Protocols Project Presentation Presented By: Jake Wires and Abhishek Gupta.

Agent Caching in APHIDS CPSC 527 Computer Communication Protocols Project Presentation Presented By: Jake Wires and Abhishek Gupta.
Behavior Intrusion Detection: Enhanced Hakan Evecek Rodolfo Ortiz Hakan Evecek Rodolfo Ortiz.

Behavior Intrusion Detection: Enhanced Hakan Evecek Rodolfo Ortiz Hakan Evecek Rodolfo Ortiz.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
Mobile IP Overview: Standard IP Standard IP Evolution of Mobile IP Evolution of Mobile IP How it works How it works Problems Assoc. with it Problems Assoc.

Mobile IP Overview: Standard IP Standard IP Evolution of Mobile IP Evolution of Mobile IP How it works How it works Problems Assoc. with it Problems Assoc.
Design and Implementation of Alternative Route Against DDOS Jing Yang and Su Li.

Design and Implementation of Alternative Route Against DDOS Jing Yang and Su Li.
Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.

Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
1 TPAC 10/10/2003 chow C. Edward Chow Department of Computer Science University of Colorado at Colorado Springs C. Edward Chow Department of Computer Science.

1 TPAC 10/10/2003 chow C. Edward Chow Department of Computer Science University of Colorado at Colorado Springs C. Edward Chow Department of Computer Science.
PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.

PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.
ChowSCID1 Secure Collective Internet Defense (SCID) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.

ChowSCID1 Secure Collective Internet Defense (SCID) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.
ChowSCOLD1 Secure Collective Defense Network (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.

ChowSCOLD1 Secure Collective Defense Network (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.
Multipath Routing: Proxy Selection By Joseph A LaConte CS 591 – Semester Project December 07, 2005.

Multipath Routing: Proxy Selection By Joseph A LaConte CS 591 – Semester Project December 07, 2005.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Design of an Autonomous Anti-DDOS Network (A2D2) Angela Cearns Thesis Proposal Master of Software Engineering University of Colorado, Colorado Springs.

Design of an Autonomous Anti-DDOS Network (A2D2) Angela Cearns Thesis Proposal Master of Software Engineering University of Colorado, Colorado Springs.

Similar presentations

Ads by Google