Presentation is loading. Please wait.

Presentation is loading. Please wait.

Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking Author : Tommy Chin Jr., Xenia Mountrouidou, Xiangyang Li and Kaiqi.

Published byJemimah Williamson Modified over 8 years ago

Similar presentations

Presentation on theme: "Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking Author : Tommy Chin Jr., Xenia Mountrouidou, Xiangyang Li and Kaiqi."— Presentation transcript:

1 Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking Author : Tommy Chin Jr., Xenia Mountrouidou, Xiangyang Li and Kaiqi Xiong Conference: IEEE 35th International Conference on Distributed Computing Systems Workshops (ICDCSW), 2015 Presenter: Kuan-Chieh Feng Date: 2015/10/21 Department of Computer Science and Information Engineering National Cheng Kung University

2 Outline Introduction Approach System Architecture Experiment National Cheng Kung University CSIE Computer & Internet Architecture Lab 2

3 Introduction In this paper, we discuss a novel attack detection approach that coordinates monitors distributed over a network and controllers centralized on an SDN Open Virtual Switch, selectively inspecting network packets on demand. National Cheng Kung University CSIE Computer & Internet Architecture Lab 3

4 Introduction Two studies are especially relevant to the challenges and solutions in this study. The OrchSec architecture [3] uses decoupled monitors and SDN correlators in order to mitigate different types of attacks. The NICE framework [4] is an IDS agent to monitor mirrored traffic and to propose potential countermeasures to attacks. National Cheng Kung University CSIE Computer & Internet Architecture Lab 4

5 Introduction A monitor is sensitive and lightweight to quickly detect anomalies in network traffic. A correlator, upon receiving an alert from a monitor, verifies the suspicion by inspecting detailed evidence of network packets in its neighborhood for additional attack signatures. National Cheng Kung University CSIE Computer & Internet Architecture Lab 5

6 Approach DoS flooding attacks try to deplete the recourses that a victim device has, being the network bandwidth or host resources. They utilize a variety of techniques of flooding, amplification, protocol exploiting, and malformed packets. Recently SDN has been applied in several studies. National Cheng Kung University CSIE Computer & Internet Architecture Lab 6

7 Approach However, DoS still poses many significant challenges to current detection and correlation solutions: The ability of Intrusion Detection Systems (IDS) is limited by what they see in data and thus by their locations on a network. Even if a SDN correlator is able to get hold of every bit of data, it is impossible to do deep inspection on every network packet National Cheng Kung University CSIE Computer & Internet Architecture Lab 7

8 Approach There is always a tradeoff in handling each of these problems. Ex: IDS location The key is to consider how to best utilize different IDS elements together in a dynamic and adaptive way. Solution : SDN National Cheng Kung University CSIE Computer & Internet Architecture Lab 8

9 Approach Consider the TCP SYN flood attack :  A surge of traffic volume of SYN requests Setting up a control threshold over the baseline traffic in monitor can quickly recognize a surge of abnormal traffic.  Spoofed IP address in invalid SYN requests Requires adequate knowledge to be able to tell them apart from other legitimate IPs National Cheng Kung University CSIE Computer & Internet Architecture Lab 9

10 Approach National Cheng Kung University CSIE Computer & Internet Architecture Lab 10

11 System Architecture System Design Algorithms Communication Protocol National Cheng Kung University CSIE Computer & Internet Architecture Lab 11

12 System Architecture – system design Server Client (normal user, attacker) Open Virtual Switch Monitor Correlator (SDN controller) National Cheng Kung University CSIE Computer & Internet Architecture Lab 12

13 System Architecture - algorithm The Monitor is running a real time communicator algorithm. The Correlator, hosted on the SDN controller, runs another algorithm that maintains an open communication with the monitor and the OVS. A hash table based on original flow table Another hash table based on current flow table National Cheng Kung University CSIE Computer & Internet Architecture Lab 13

14 System Architecture – communication protocol National Cheng Kung University CSIE Computer & Internet Architecture Lab 14

15 Experiment Environment Implementation on GENI Ubuntu Linux 64 bits Normal traffic created by iperf TCP SYN floods with IP spoofing by hping3 Correlator running correlation algorithm on POX The IDS is implemented by Snort rule Communication protocol between the monitor and correlator are implement in Python using socket programming National Cheng Kung University CSIE Computer & Internet Architecture Lab 15

16 Experiment - Result analysis National Cheng Kung University CSIE Computer & Internet Architecture Lab 16

17 Experiment - Result analysis National Cheng Kung University CSIE Computer & Internet Architecture Lab 17

18 Experiment - Result analysis National Cheng Kung University CSIE Computer & Internet Architecture Lab 18

19 Experiment The monitor is the bottleneck in our experimentation The most time consuming part of the monitor implementation the time it takes for the monitor to receive the attack packets To improve the performance, we will need to either increase the number of monitors or use more powerful machines. National Cheng Kung University CSIE Computer & Internet Architecture Lab 19

Download ppt "Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking Author : Tommy Chin Jr., Xenia Mountrouidou, Xiangyang Li and Kaiqi."

Similar presentations

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,

Simulation and Analysis of DDos Attacks Poongothai, M Department of Information Technology,Institute of Road and Transport Technology, Erode Tamilnadu,
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric (07016080)

DFence: Transparent Network-based Denial of Service Mitigation CSC7221 Advanced Topics in Internet Technology Presented by To Siu Sang Eric ( )
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
John Kristoff DePaul Security Forum 2003 1 Network Defenses to Denial of Service Attacks John Kristoff +01 312 362-5878.

John Kristoff DePaul Security Forum Network Defenses to Denial of Service Attacks John Kristoff
Lecture 15 Denial of Service Attacks

Lecture 15 Denial of Service Attacks
Host Intrusion Prevention Systems & Beyond

Host Intrusion Prevention Systems & Beyond
Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.

Game-based Analysis of Denial-of- Service Prevention Protocols Ajay Mahimkar Class Project: CS 395T.
Department Of Computer Engineering

Department Of Computer Engineering
A Survey on Interfaces to Network Security

A Survey on Interfaces to Network Security
OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.

OpenFlow-Based Server Load Balancing GoneWild Author : Richard Wang, Dana Butnariu, Jennifer Rexford Publisher : Hot-ICE'11 Proceedings of the 11th USENIX.
FIREWALL Mạng máy tính nâng cao-V1.

FIREWALL Mạng máy tính nâng cao-V1.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Authors : Wenjun Li, Xianfeng Li Publisher : 2013 IEEE 21st Annual Symposium.

HybridCuts: A Scheme Combining Decomposition and Cutting for Packet Classification Authors : Wenjun Li, Xianfeng Li Publisher : 2013 IEEE 21st Annual Symposium.
Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.

Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.
Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International.

Packet Classification using Rule Caching Author: Nitesh B. Guinde, Roberto Rojas-Cessa, Sotirios G. Ziavras Publisher: IISA, 2013 Fourth International.
Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.

Sampling Techniques to Accelerate Pattern Matching in Network Intrusion Detection Systems Author: Domenico Ficara, Gianni Antichi, Andrea Di Pietro, Stefano.
Fast forwarding table lookup exploiting GPU memory architecture Author : Youngjun Lee,Minseon Jeong,Sanghwan Lee,Eun-Jin Im Publisher : Information and.

Fast forwarding table lookup exploiting GPU memory architecture Author : Youngjun Lee,Minseon Jeong,Sanghwan Lee,Eun-Jin Im Publisher : Information and.

Similar presentations

Ads by Google