CSE715 Presentation Project Fall 2004 by Michael Alexandrou and Rusty Coleman.

2 The paper …
- "A Framework for Classifying Denial of Service Attacks"
- Authors: Alefiya Hussain, John Heidemann, Christos Papadopoulos

3 Basis for classifying DoS attacks
Why classify the attack?
- It helps to counter the attack.
Attack analysis:
- Header content
- Ramp-up behavior
- Spectral analysis

4 Contribution of the paper
- An automated methodology
- Real-time attack analysis
- Using traceback to identify the attacker is trivial in the single-source case
- New techniques: ramp-up analysis and spectral analysis

5 Taxonomy of DoS attacks
To launch a distributed DoS attack, a malicious user:
- compromises Internet hosts by exploiting security holes;
- installs attack tools on the compromised hosts, also known as zombies.

6 Taxonomy of DoS attacks
- Software exploits: these attacks exploit specific bugs in the victim's OS or applications. These cases are not considered in this paper.
- Flooding attacks

7 Flooding attacks
- One or more attackers
- Streams of packets aimed at overwhelming link bandwidth or computing resources at the victim
- Single-source attacks
- Multi-source attacks
- Reflector attacks

8 Taxonomy of DoS attacks

9 Flooding attacks

12 Examples
- Ping of death: a modified version of a regular ping request.
- Land attack: a packet whose source host/port equals its destination host/port.

13 Attack tools
Several canned attack tools are available on the Internet, such as Stacheldraht, Trinoo, Tribe Flood Network 2000, and Mstream, that generate flooding attacks using a combination of TCP, UDP, and ICMP packets.

14 Attack classification
- Header contents
- Ramp-up behavior
- Spectral analysis

15 Header contents
- Most attacks spoof the source IP address.
- The IP ID and TTL fields can still give hints about the attackers.
- It is difficult for attackers to coordinate the ID fields, since each host's OS advances its own ID counter independently.

16 Header Contents

17
- Some attack tools forge all header contents.
- In that case it is impossible to distinguish a single source from multiple sources based on header information.
- Another technique is needed.

18 Ramp-up behavior
- The observation point is near the victim.
- The master triggers the zombies with a trigger message.
- The zombies receive the trigger and start at slightly different times, so the aggregate rate seen near the victim ramps up instead of starting abruptly.

19 Spectral analysis
- The attack stream is treated as a discrete function of time x(t).
- The autocorrelation function r(k) of x(t) is examined.

20 Autocorrelation function

21 Discrete-time Fourier Transform

22 Spectral analysis
We define two functions:
- The power of the attack stream, P(f)
- The quantile of the attack stream, F(p)

23 The cumulative power P(f) & C(f)

24 The quantile F(p)
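The quantities named on slides 19 to 24 (the autocorrelation r(k), the power spectrum P(f), the cumulative power C(f) and the quantile F(p)), worked through on a constructed attack stream. This is an added Python example, not code from the presentation or the paper; it assumes 1 ms bins, the biased autocorrelation estimate of the mean-removed series, P(f) as the discrete-time Fourier transform of r(k), C(f) as the normalized running sum of P, and F(p) as the lowest frequency at which C(f) reaches p.

```python
import math

FS_HZ = 1000.0  # assumption: arrivals binned into 1 ms slots, so x[t] = packets in slot t

def single_source_stream(n_bins, period, burst=1, offset=0):
    """Constructed stream: one source emits `burst` back-to-back packets every `period` bins."""
    return [1 if (t - offset) % period < burst else 0 for t in range(n_bins)]

def autocorrelation(x):
    """Biased estimate r(k), k = 0..N-1, of the mean-removed series (slide 20)."""
    n = len(x)
    mean = sum(x) / n
    y = [v - mean for v in x]
    return [sum(y[t] * y[t + k] for t in range(n - k)) / n for k in range(n)]

def power_spectrum(r, fs=FS_HZ):
    """P(f): DTFT of r(k) on the grid f_i = i*fs/N, 0 <= f <= fs/2 (slides 21 and 23).
    r is even, so the transform is real: r(0) + 2 * sum_k r(k) cos(2*pi*nu*k)."""
    n = len(r)
    spectrum = []
    for i in range(n // 2 + 1):
        nu = i / n  # cycles per sample
        p = r[0] + 2 * sum(r[k] * math.cos(2 * math.pi * nu * k) for k in range(1, n))
        spectrum.append((i * fs / n, max(p, 0.0)))  # clamp rounding noise just below zero
    return spectrum

def cumulative_power(spectrum):
    """C(f): fraction of the total power found at frequencies <= f (slide 23)."""
    total = sum(p for _, p in spectrum)
    acc, cum = 0.0, []
    for f, p in spectrum:
        acc += p
        cum.append((f, acc / total))
    return cum

def quantile(cum, p):
    """F(p): lowest frequency at which C(f) reaches p (slide 24)."""
    return next(f for f, c in cum if c >= p)

def analyse(x, fs=FS_HZ):
    """Summarise one stream: dominant non-DC frequency plus F(0.5) and F(0.9)."""
    spec = power_spectrum(autocorrelation(x), fs)
    cum = cumulative_power(spec)
    return {"dominant_hz": max(spec[1:], key=lambda fp: fp[1])[0],
            "F50_hz": quantile(cum, 0.5), "F90_hz": quantile(cum, 0.9)}

if __name__ == "__main__":
    # 200 ms of one source sending a two-packet burst every 5 ms (200 bursts per second)
    print(analyse(single_source_stream(200, period=5, burst=2)))
```

For the constructed stream the dominant frequency is the source's 200 bursts-per-second sending rate and F(0.5) sits on it, while the weaker second harmonic at 400 Hz is only reached by F(0.9); real captures replace `single_source_stream` with the binned arrival counts.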

25 Sample Graphs Single Source

26 Sample Graph Two Sources

27 Sample Graph Three Sources

28 Sample Graph Multiple Sources

29 Conclusion
- It is possible to determine the type of DoS attack.
- Analysis of the attack can determine whether it is single- or multi-sourced.
- An automated tool is needed to produce these analyses.
