exploring ddos defense mechanisms
play

Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future - PowerPoint PPT Presentation

Dec 13, 2022 •316 likes •622 views

Lehrstuhl Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future Internet SS14-WS14/15 Lehrstuhl Netzarchitekturen und Netzdienste Fakultt

  1. Lehrstuhl Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München Exploring DDoS Defense Mechanisms Patrick Holl Seminar Future Internet SS14-WS14/15 Lehrstuhl Netzarchitekturen und Netzdienste Fakultät für Informatik, Technische Universität München

  2. Overview  Defining DoS and DDoS  DoS vs. DDoS  DDoS classification  DDoS Defense Mechanisms  Proactive  Reactive  Rule based  Model based  Future of DDoS defense  Software-defined networking (SDN)  Conclusion 2 Exploring DDoS Defense Mechanisms

  3. Overview  Defining DoS and DDoS  DoS vs. DDoS  DDoS classification  DDoS Defense Mechanisms  Proactive  Reactive  Rule based  Model based  Future of DDoS defense  Software-defined networking (SDN)  Conclusion 3 Exploring DDoS Defense Mechanisms

  4. Defining (Distributed) Denial-of-Service Denial-of-service ( DoS ) = attempt to make a machine or network unavailable to its intended users 4 Exploring DDoS Defense Mechanisms

  5. DDoS attacks can target different layers…  Transport Layer Attacks (e.g. TCP SYN Flooding) Legit TCP 3-Way Handshake Imag age Sourc urce: : http:// p://de de.w .wik ikipe pedia dia.o .org/w /wik iki/SY i/SYN-Flo lood 5 Exploring DDoS Defense Mechanisms

  6. DDoS attacks can target different layers…  Transport Layer Attacks (e.g. TCP SYN Flooding) TCP SYN Flooding attack Imag age Sourc urce: : http:// p://de de.w .wik ikipe pedia dia.o .org/w /wik iki/SY i/SYN-Flo lood 6 Exploring DDoS Defense Mechanisms

  7. Not only the transport layer is vulnerable to DDoS attacks  Transport Layer Attacks (e.g. TCP SYN Flooding)  Application Layer Attacks (e.g. Apache2 web server attacks like Slowloris) Imag age Sourc urce: : http://e p://en.w .wik ikipe pedia dia.o .org/w /wik iki/Slo i/Slow_lo loris 7 Exploring DDoS Defense Mechanisms

  8. Overview  Defining DoS and DDoS  DoS vs. DDoS  DDoS classification  DDoS Defense Mechanisms  Proactive  Reactive  Rule based  Model based  Future of DDoS defense  Software-defined networking (SDN)  Conclusion 8 Exploring DDoS Defense Mechanisms

  9. How can we achieve this? Imag age Sourc urce: : http://w p://www.n .neust ustar.bi .biz/re z/resourc urces/produ /product-li literat ature ure/n /neust ustar-ddo ddos-miti itigat atio ion-pro profe fessio ional-servi vices 9 Exploring DDoS Defense Mechanisms

  10. There are various approaches to handle an attack  Proactive defense  Built your infrastructure in a way that it will survive a DDoS attack  Rely on a scalable infrastructure (e.g. cloud hosting)  Utilize resources when necessary  There is a good chance to survive Zero-Day DDoS attacks  Infrastructure can be expensive 10 Exploring DDoS Defense Mechanisms

  11. There are various approaches to handle an attack  Reactive defense  Mitigate or block a DDoS attack when it happens  Install an IDS and feed it with certain attack patterns  There are attacks which are easier to detect (TCP SYN Flooding) and ones which are much harder (flash crowd imitation)  Zero-Day DDoS attacks are in most cases not detectable It’s either or… 11 Exploring DDoS Defense Mechanisms

  12. Which approach is the best?  There is no best approach, why?  Depending on the concrete scenario, one approach can outperform the other  Not everybody can afford the resources to build an infrastructure which are able to survive large DDoS attacks  Reactive approaches are usually cheaper  Proactive and reactive approaches are often combined for multiple lines of defense Imag age Sourc urce: : http:// ://pa pas-wor ordpre press-media dia.s3.am .amazo zonaws.com om/c /content nt/up uplo loads ds/2014/0 /08/Pr Proactive ve-v. v.-Reactive ive.pn .png 12 Exploring DDoS Defense Mechanisms

  13. What can we actually do to defend our servers? 13 Exploring DDoS Defense Mechanisms

  14. Overview  Defining DoS and DDoS  DoS vs. DDoS  DDoS classification  DDoS Defense Mechanisms  Proactive  Reactive  Rule based  Model based  Future of DDoS defense  Software-defined networking (SDN)  Conclusion 14 Exploring DDoS Defense Mechanisms

  15. Selective Blackholing [Snijders, 2014]  Consider the following scenario:  A German online shop where 95% of its customers are Germans  One day, 95% of all incoming traffic originate from China  Wow, my internationalization strategy must really work!? 15 Exploring DDoS Defense Mechanisms

  16. We don’t want to ship to China!  Some facts about large Botnets:  Most bots are hijacked via automated routines  Agents are distributed globally  How can we provide a service to its main target group?  If the incoming packets exceed the servers resources, block all outside the scope of the main target group.  In this example => Block all traffic outside from Germany 16 Exploring DDoS Defense Mechanisms

  17. How does this work? Country based filter as proposed by Snijders 17 Exploring DDoS Defense Mechanisms

  18. Overview  Defining DoS and DDoS  DoS vs. DDoS  DDoS classification  DDoS Defense Mechanisms  Proactive  Reactive  Rule based  Model based  Future of DDoS defense  Software-defined networking (SDN)  Conclusion 18 Exploring DDoS Defense Mechanisms

  19. Statistical Approaches  Statistical approaches are based on the assumption that DDoS attack traffic shows anomalies in the entropy and frequency of selected packet attributes.  For instance, the packets source address distribution: Regular traffic flow: … 129.122.23.2 131.87.32.33 87.23.22.111 91.11.111.23 DoS attack: … 129.122.23.2 129.122.23.2 129.122.23.2 129.122.23.2 19 Exploring DDoS Defense Mechanisms

  20. We have to build a model first  Incoming packets are classified by a model that represents the default (legit) state  Calculate to entropy of consecutive packets  Use the entropy to find the normal source address distribution  Changes in the entropy can give a hint for an attack 20 Exploring DDoS Defense Mechanisms

  21. Which defense mechanism is the best? 21 Exploring DDoS Defense Mechanisms

  22. Both have advantages and shortcomings Rule based Model based + Advantages + Advantages   Low start-up time Can give protection against Zero-  100% detection rate for known Day DDoS attacks  attacks (where rules exist) Abnormal packet streams can be  Low false-positive rate flagged for further analysis  Maintenance  Scalable + Shortcomings + Shortcomings   Not able to detect Zero-Day or Works only well if a suitable model other kinds of unknown DDoS exists  attacks Model has to be built first   Nowadays, attackers attack Model has to be constantly different layers concurrently updated 22 Exploring DDoS Defense Mechanisms

  23. A combination of multiple techniques is possible  Rule based:  Selective blackholing  Good for known attacks  Block traffic outside main target group  Model based:  Find suspicious packet stream  Detect attacks inside the geographical location of the main target group  As a result:  Bots outside the geographical location of the target user group cannot attack the service  Bots within the location radius of the main target group can attack but, depending on the number of available bots, are heavily mitigated 23 Exploring DDoS Defense Mechanisms

  24. Overview  Defining DoS and DDoS  DoS vs. DDoS  DDoS classification  DDoS Defense Mechanisms  Proactive  Reactive  Rule based  Model based  Future of DDoS defense  Software-defined networking (SDN)  Conclusion 24 Exploring DDoS Defense Mechanisms

  25. Whats next?  Software-Defined Networking (SDN) are (maybe) the next big thing!  Traffic is separated into flows  Central point of knowledge (SDN Controller)  Once a DDoS attack flow is identified, the whole flow can be blackholed 25 Exploring DDoS Defense Mechanisms

  26. Overview  Defining DoS and DDoS  DoS vs. DDoS  DDoS classification  DDoS Defense Mechanisms  Proactive  Reactive  Rule based  Model based  Future of DDoS defense  Software-defined networking (SDN)  Conclusion 26 Exploring DDoS Defense Mechanisms

  27. Conclusion  DDoS mitigation and defense is a game of cat-and-mouse with the bad guys  Rule based  Selective blackholing  Model based:  Source address distribution  Model an rule based approaches can be combined  It is hard to test DDoS defense mechanisms in a realistic scenario  DDoS attacks can target different layers 27 Exploring DDoS Defense Mechanisms

  28. Conclusion  DDoS mitigation and defense is a game of cat-and-mouse with the bad guys  We have seen rule based approaches like selective blackholing and model based ones like the source address distribution  Various defense mechanisms can be combined to achieve multiple lines of defense  It is hard to test DDoS defense mechanisms in a realistic scenario  There are many different kinds of DDoS attacks which target different layers 28 Exploring DDoS Defense Mechanisms

Recommend

DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek

DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek

DDoS Defense Mechanisms for IXP Infrastructures Tim Dijkhuizen Lennart van Gijtenbeek Supervisor: Stavros Konstantaras (AMS-IX) SNE: Research Project II 03-07-2018 Introduction D istributed D enial o f S ervice DDoS attacks on banks in

720 views • 33 slides
A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter

A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter

A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms Jelena Mirkovic, Janice Martin & Peter Reiher Manu Shantharam & David Hadka What is DoS? DoS A type of attack wherein access to computer resource / service is denied or

380 views • 18 slides
Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent the access to a computer system to it's legitimate users. DDoS: DoS attack on the network using a lot of different source IP Why:

327 views • 16 slides
Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense

Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense

Network Security CIA +Availability By Jinjian Ma Topics DOS/DDoS Detection & Defense Prevention DOS/DDoS Types Vulnerability attack Flooding attack DoS vs DDoS DoS: Attack is launched from single host Less

614 views • 26 slides
DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks

DDOS: DDos and DDonts DrupalCon 2016 Agenda What is DDoS Detecting DDoS Attacks DDoS Prevention Improving Performance Questions Glossary DDoS - Attempt to make a server or network resource unavailable to Internet

549 views • 30 slides
DDoS Defense by Defense by DDoS Offense Offense Published in ACM SIGCOMM06 Presented By:

DDoS Defense by Defense by DDoS Offense Offense Published in ACM SIGCOMM06 Presented By:

DDoS Defense by Defense by DDoS Offense Offense Published in ACM SIGCOMM06 Presented By: Marwa K. Elteir Outline Outline Problem definition Problem definition Related Work Related Work Speak Speak- -up up Model Model

458 views • 9 slides
Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster

Universal DDoS Mitigation Bypass DDoS Mitigation Lab About Us Industry body formed to foster synergy among stakeholders to promote advancement in DDoS defense knowledge. Independent academic R&D division of Nexusguard building next

764 views • 44 slides
Practical Verifiable In-network Filtering for DDoS Defense Deli Gong, Muoi Tran , Shweta Shinde,

Practical Verifiable In-network Filtering for DDoS Defense Deli Gong, Muoi Tran , Shweta Shinde,

Practical Verifiable In-network Filtering for DDoS Defense Deli Gong, Muoi Tran , Shweta Shinde, Hao Jin, Vyas Sekar, Prateek Saxena, Min Suk Kang July 8, 2019 | Dallas, TX Large-scale volumetric DDoS attacks are common (distributed denial of

569 views • 29 slides
Optical-Aware DDoS Defense Matt Hall, Ramakrishnan Durairajan, Guyue (Grace) Liu, Vyas Sekar

Optical-Aware DDoS Defense Matt Hall, Ramakrishnan Durairajan, Guyue (Grace) Liu, Vyas Sekar

Optical-Aware DDoS Defense Matt Hall, Ramakrishnan Durairajan, Guyue (Grace) Liu, Vyas Sekar DDoS Attacks A persistent threat on the global Internet Working from home new online tools for collaboration New tools new attack

405 views • 9 slides
CDN on Demand Affordable DDoS Defense using Untrusted IaaS-Clouds Yossi Gilad, Michael Goberman,

CDN on Demand Affordable DDoS Defense using Untrusted IaaS-Clouds Yossi Gilad, Michael Goberman,

CDN on Demand Affordable DDoS Defense using Untrusted IaaS-Clouds Yossi Gilad, Michael Goberman, Amir Herzberg and Michael Sudkovitch Talk Outline Content Delivery Networks as DoS defense The CDN-on-Demand system Clientless

529 views • 22 slides
Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks A. Furfaro,

Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks A. Furfaro,

Modelling and simulation of a defense strategy to face indirect DDoS flooding attacks A. Furfaro, P. Pace, A. Parise, L. Molina Valdiviezo Universit` a della Calabria D.I.M.E.S 87036 Rende(CS) - Italy Email: a.furfaro@unical.it A. Furfaro

510 views • 18 slides
.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary

.tr DDoS A)ack December 2015 A4la zgit .tr ccTLD Manager Dec, 2015 .tr DDoS A)ack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS A)ack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos A)acks Few Qmes

150 views • 13 slides
.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS Attack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos Attacks Few

606 views • 14 slides
Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies:

Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies:

Defense mechanisms How do we stop this from happening? sws1 1 Defenses Different strategies: Prevention Detection Reaction Ideally, youd like to prevent problems, but typically you cannot, so you have to make it

419 views • 17 slides
DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology

1 DDoS Mitigation collection TL;DR: DDOS STRATEGISTS DO DRUGS Agenda 2 Intro Methodology of work DDoS tactics in-the-wild and how to improve Ready, set, FACEPALM! Q&A ~$ whoami 3 Moshe Zioni, Head of Research,

656 views • 47 slides
Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim

Transport choice for Co-operative DDoS Mitigation 1 DDoS Transport Choice Message: DDoS victim to DDoS mitigation service SOS "I am getting DoSd" 2 DDoS Transport Choice SOS : Requirements Emergency signal.

247 views • 5 slides
Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense

Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense

Ca Catch ch M Me If Ca e If Can: A Cl A Clou oud-En -Enabled ed DDoS DDoS De Defen ense e Quan Jia, Huangxin Wang, Dan Fleck, Fei Li, Angelos Stavrou, Walter Powell Presented by Surya Mani Content u Motivation u Related Work u

262 views • 23 slides
Exploitation on ARM Technique and bypassing defense mechanisms 07. 2010 STRI/Advance Technology

Exploitation on ARM Technique and bypassing defense mechanisms 07. 2010 STRI/Advance Technology

Exploitation on ARM Technique and bypassing defense mechanisms 07. 2010 STRI/Advance Technology Lab/Security # /usr/bin/whoami Itzhak (Zuk) Avraham Researcher at Samsung Electronics Partner at PIA Follow me on twitter under

473 views • 31 slides
CS-527 Software Security Defense Mechanisms Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Defense Mechanisms Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Defense Mechanisms Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 A model for Control-Flow Hijack attacks

673 views • 41 slides
DDoS Last Class Fault tolerance Concurrency Naming This Class Networking How

DDoS Last Class Fault tolerance Concurrency Naming This Class Networking How

DDoS Last Class Fault tolerance Concurrency Naming This Class Networking How DDoS works UDP Data Client Server Response TCP DDoS Distributed denial-of-service attack Attacker targets a victim from a number of

356 views • 22 slides
Exploring Neural Mechanisms for Prediction Keith L. Downing The Norwegian University of Science

Exploring Neural Mechanisms for Prediction Keith L. Downing The Norwegian University of Science

Primitives Procedural -vs- Declarative Predictive Networks Exploring Neural Mechanisms for Prediction Keith L. Downing The Norwegian University of Science and Technology (NTNU) Trondheim, Norway keithd@idi.ntnu.no February 19, 2011 Keith L.

726 views • 47 slides
A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon

A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon

A Guide About DDoS Attacks Understanding and anticipating DDoS Guillaume Valadon guillaume.valadon@ssi.gouv.fr RIPE 70 - May, 11 2015 ANSSI - http://www.ssi.gouv.fr/guide-ddos & https://goo.gl/UL8M1 1/12 ANSSI Created on July 7th 2009,

142 views • 12 slides
CS 110 Summer 2018 Ryan Eberhardt DDoS Attacks

CS 110 Summer 2018 Ryan Eberhardt DDoS Attacks

CS 110 Summer 2018 Ryan Eberhardt DDoS Attacks https://www.reveelium.com/en/ddos-attacks-the-cyber-boogeyman-part-i/ DDoS Attacks 1,700 Gbps!! 2015 :-/

748 views • 20 slides
PARTICLE-CELL INTERACTIONS AND THEIR IMPLICATIONS IN LUNG DEFENSE MECHANISMS Kiama S. G

PARTICLE-CELL INTERACTIONS AND THEIR IMPLICATIONS IN LUNG DEFENSE MECHANISMS Kiama S. G

PARTICLE-CELL INTERACTIONS AND THEIR IMPLICATIONS IN LUNG DEFENSE MECHANISMS Kiama S. G University of Nairobi PARTICLE DEPOSITION AND CLEARANCE IN THE LUNG DOSE EFFECT EXPOSURE DEPOSITION CLEARANCE RETENSION Aerodynamic filtration

643 views • 23 slides

More recommend