Presentation is loading. Please wait.

Presentation is loading. Please wait.

Efficient AS DoS Traceback (Autonomous System) Mohammed Alenezi, Martin J Reed Computer Applications Technology (ICCAT), 2013 張業正 102062638 1.

Published byAnabel Taylor Modified over 8 years ago

Similar presentations

Presentation on theme: "Efficient AS DoS Traceback (Autonomous System) Mohammed Alenezi, Martin J Reed Computer Applications Technology (ICCAT), 2013 張業正 102062638 1."— Presentation transcript:

1 Efficient AS DoS Traceback (Autonomous System) Mohammed Alenezi, Martin J Reed Computer Applications Technology (ICCAT), 2013 張業正 102062638 1

2 Outline Background Traceback (Related work) DPM,PPM,DPPM EAST Performance Conclusion 2

3 Background DoS problem has been divided into three. 1. Prevention 2. Detection 3. Mitigation Traceback which is under Mitigation. 3

4 Traceback (Related work) There are many techniques have been proposed to traceback. 1. Link testing. 4

5 Traceback (Related work) There are many techniques have been proposed to traceback. 1. Link testing. 2. ICMP 1/20,000 5

6 Traceback (Related work) There are many techniques have been proposed to traceback. 1. Link testing. 2. ICMP 3. Logging 4. Packet Marking Deterministic Packet Marking(DPM) Probabilistic Packet Marking(PPM) Dynamic Probabilistic Packet Marking(DPPM) Storage 6

7 Deterministic Packet Marking(DPM) DPM marks every packet at the edge router. Use 16 bits IP Header and 1 bit Flag. 7

8 Probabilistic Packet Marking(PPM) Probability,p=1/25 IP header 16bits=> 8bits IP address, 8bits distance Routers 64Bits fragmentation to 8 x 8bits and victim combine. 8 DPM VS PPM

9 Dynamic Probabilistic Packet Marking(DPPM) Probability,p=1/d d is the traveling distance(by packet’s TTL) Packets to reconstruct the path are reduced. 9 DPPM VS PPM

10 TTL drawbacks 1. Initial TTL value is system dependent and would be changing based on the used system. 2. Attacker can intentionally inject packets with different TTL to confuse the technique. 10

11 EFFICIENT AS TRACEBACK (EAST) AS(Autonomous System),ASBR,BGP AIM: 1. Solve TTL drawbacks. 2. Reducing the required number of packets in the traceback. (Reduce storage at the victim) 11

12 EAST The 25 bits comes from three different fields, namely Type of service (TOS), identification(ID), and reservation flag (RF). 12

13 EAST Probability,p=1/(a-2) a is ASs from attacker to the AS of the victim. performs traceback at the AS level,a can be known in advance.  Solve TTL problem 13 32bits hash to 22bits

14 EAST algorithm 14

15 Performance and Analysis 15

16 Performance and Analysis 16

17 Conclusion DoS Traceback has many way. EAST maybe is better than PPM,DPPM. 17

18 REFERENCES [1] Ping-Hsien Yu, An Application of Proportional Probabilistic Packet Marking Trace in the DDoS Overlay Defense System, Department of Computer Science & Information Engineering 2011 [2] 彭士浩, 張晉銘, 卓信宏, 林宜隆, 趙涵捷, " 基於機率的封包標記選擇 策略改善 IP 回溯效能," 第十六屆臺灣網際網路研討會 (TANET 2011), Ilan, Taiwan, October 24-26, 2011. 18

19 THANK YOU. 19

Download ppt "Efficient AS DoS Traceback (Autonomous System) Mohammed Alenezi, Martin J Reed Computer Applications Technology (ICCAT), 2013 張業正 102062638 1."

Similar presentations

COMP 7320 Internet Security: Prevention of DDoS Attacks By Dack Phillips.

COMP 7320 Internet Security: Prevention of DDoS Attacks By Dack Phillips.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.

IP Traceback in Cloud Computing Through Deterministic Flow Marking Mouiad Abid Hani Presentation figures are from references given on slide 21. By Presented.
Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson University of Washington- Seattle, WA Presented by Mohammad Hajjat- Purdue University Slides.

Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson University of Washington- Seattle, WA Presented by Mohammad Hajjat- Purdue University Slides.
On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack INFOCOM 2001. Twentieth Annual Joint Conference of.

On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack INFOCOM Twentieth Annual Joint Conference of.
Defending against Large-Scale Distributed Denial-of-Service Attacks Department of Electrical and Computer Engineering Advanced Research in Information.

Defending against Large-Scale Distributed Denial-of-Service Attacks Department of Electrical and Computer Engineering Advanced Research in Information.
IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.

IP Spoofing Defense On the State of IP Spoofing Defense TOBY EHRENKRANZ and JUN LI University of Oregon 1 IP Spoofing Defense.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
IP Spoofing CIS 610 Week 2: 13-JAN-2004. Definition and Background n Def’n: The forging of the IP Source Address field in an IP packet n First mentioned.

IP Spoofing CIS 610 Week 2: 13-JAN Definition and Background n Def’n: The forging of the IP Source Address field in an IP packet n First mentioned.
Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.

Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.
Deterministic Memory- Efficient String Matching Algorithms for Intrusion Detection Nathan Tuck, Timothy Sherwood, Brad Calder, George Varghese Department.

Deterministic Memory- Efficient String Matching Algorithms for Intrusion Detection Nathan Tuck, Timothy Sherwood, Brad Calder, George Varghese Department.
Foundations of Network and Computer Security J J ohn Black Lecture #26 Nov 5 th 2007 CSCI 6268/TLEN 5831, Fall 2007.

Foundations of Network and Computer Security J J ohn Black Lecture #26 Nov 5 th 2007 CSCI 6268/TLEN 5831, Fall 2007.
IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.

IP Traceback With Deterministic Packet Marking Andrey Belenky and Nirwan Ansari IEEE communication letters, VOL. 7, NO. 4 April 2003 林怡彣.
Examining IP Header Fields

Examining IP Header Fields
On the Effectiveness of Route- Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets Kihong Park and Heejo Lee Network Systems.

On the Effectiveness of Route- Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets Kihong Park and Heejo Lee Network Systems.
Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.

Detecting SYN-Flooding Attacks Aaron Beach CS 395 Network Secu rity Spring 2004.
Introduction to IP Traceback 交通大學 電信系 李程輝 教授. 2 Outline  Introduction  Ingress Filtering  Packet Marking  Packet Digesting  Summary.

Introduction to IP Traceback 交通大學 電信系 李程輝 教授. 2 Outline  Introduction  Ingress Filtering  Packet Marking  Packet Digesting  Summary.
Exploiting Packet Header Redundancy for Zero Cost Dissemination of Dynamic Resource Information Peter A. Dinda Prescience Lab Department of Computer Science.

Exploiting Packet Header Redundancy for Zero Cost Dissemination of Dynamic Resource Information Peter A. Dinda Prescience Lab Department of Computer Science.
John Kristoff DePaul Security Forum 2003 1 Network Defenses to Denial of Service Attacks John Kristoff +01 312 362-5878.

John Kristoff DePaul Security Forum Network Defenses to Denial of Service Attacks John Kristoff

Similar presentations

Ads by Google