modeling and mitigating the coremelt attack
play

Modeling and Mitigating the Coremelt Attack Guosong Yang 1 , Hossein - PowerPoint PPT Presentation

Mar 09, 2023 •30 likes •380 views

Modeling and Mitigating the Coremelt Attack Guosong Yang 1 , Hossein Hosseini 2 , Dinuka Sahabandu 2 , Andrew Clark 3 , ao Hespanha 1 , and Radha Poovendran 2 Jo 1 Department of Electrical and Computer Engineering, University of California,

  1. Modeling and Mitigating the Coremelt Attack Guosong Yang 1 , Hossein Hosseini 2 , Dinuka Sahabandu 2 , Andrew Clark 3 , ao Hespanha 1 , and Radha Poovendran 2 Jo˜ 1 Department of Electrical and Computer Engineering, University of California, Santa Barbara 2 Department of Electrical Engineering, University of Washington 3 Department of Electrical and Computer Engineering, Worcester Polytechnic Institute 2018 American Control Conference Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 1 / 18

  2. Introduction Introduction The Coremelt attack on a TCP network with the “dumbbell” topology Contribution • A dynamical system model for analysis • A limited number of subverted machines (bots): a modified TCP algorithm • A flow-based mitigation method • Simulation results Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 2 / 18

  3. Background Distributed denial of service (DDoS) attack Attempt to disrupt network service by sending superfluous traffics from a vast number of bots Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 3 / 18

  4. Background Distributed denial of service (DDoS) attack Attempt to disrupt network service by sending superfluous traffics from a vast number of bots Soaring number of Internet of Things (IoT) = ⇒ Escalating DDoS threats • 21 billion IoT devices by 2020 Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 3 / 18

  5. Background Distributed denial of service (DDoS) attack Attempt to disrupt network service by sending superfluous traffics from a vast number of bots Soaring number of Internet of Things (IoT) = ⇒ Escalating DDoS threats • 21 billion IoT devices by 2020 One of world’s largest DDoS attack to date [Ant+17] • 2016 on OVH (hosting service in France) • Mirai Botnet: 150,000 hacked IoT devices, 600,000 at peak • Attack flow rate: 1 Tbps [Ant+17] M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis, D. Kumar, C. Lever, Z. Ma, J. Mason, D. Menscher, C. Seaman, N. Sullivan, K. Thomas, and Y. Zhou, in 26th USENIX Secur. Symp. , 2017 Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 3 / 18

  6. Background The Coremelt attack A link-flooding DDoS attack [SP11] Target: backbone link [SP11] A. Studer and A. Perrig, in 16th Eur. Symp. Res. Comput. Secur. , 2011 Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 4 / 18

  7. Background The Coremelt attack A link-flooding DDoS attack [SP11] Target: backbone link Distributed botnet • Available – Mirai Botnet: 150k bots, 600k at peak – Among M bots there are O ( M 2 ) connections • Affordable – Price per 1000 bots: $100–$180 in U.S. or U.K., $20–$60 in Europe, less than $10 elsewhere [SP11] A. Studer and A. Perrig, in 16th Eur. Symp. Res. Comput. Secur. , 2011 Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 4 / 18

  8. Background The Coremelt attack A link-flooding DDoS attack [SP11] Target: backbone link Distributed botnet • Available – Mirai Botnet: 150k bots, 600k at peak – Among M bots there are O ( M 2 ) connections • Affordable – Price per 1000 bots: $100–$180 in U.S. or U.K., $20–$60 in Europe, less than $10 elsewhere Low-intensity, legitimate-looking traffic • Able to evade conventional DDoS defenses [SP11] A. Studer and A. Perrig, in 16th Eur. Symp. Res. Comput. Secur. , 2011 Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 4 / 18

  9. Background Transmission Control Protocol (TCP) A congestion control algorithm [Pos81] • One congestion window per round-trip time (RTT) • Detect congestion based on missing acknowledgements (ACKs) • Additive-increase/multiplicative-decrease (AIMD) feedback algorithm [CJ89] [Pos81] J. Postel, Information Sciences Institute, Tech. Rep., 1981 [CJ89] D.-M. Chiu and R. Jain, Comput. Networks ISDN Syst. , 1989 Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 5 / 18

  10. Background Transmission Control Protocol (TCP) A congestion control algorithm [Pos81] • One congestion window per round-trip time (RTT) • Detect congestion based on missing acknowledgements (ACKs) • Additive-increase/multiplicative-decrease (AIMD) feedback algorithm [CJ89] TCP-NewReno [Hen+12] • Widely used in modern Internet • Better for bursts of packet drops [Pos81] J. Postel, Information Sciences Institute, Tech. Rep., 1981 [CJ89] D.-M. Chiu and R. Jain, Comput. Networks ISDN Syst. , 1989 [Hen+12] T. Henderson, S. Floyd, A. Gurtov, and Y. Nishida, Internet Engineering Task Force, Tech. Rep., 2012 Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 5 / 18

  11. Analysis Dynamical system model Analyze the impact and effectiveness of the Coremelt attack Establish flow composition and convergence via Lyapunov-based analysis Understand the relations between the number of bots, packet drop probability, and link usage ratio of users Develop a flow-based mitigation method Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 6 / 18

  12. Analysis Network model TCP-NewReno source One congestion window w k per RTT τ k Average flow rate x k = w k /τ k Congestion probability q k ≈ w k p with packet drop probability p Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 7 / 18

  13. Analysis Network model TCP-NewReno source One congestion window w k per RTT τ k Average flow rate x k = w k /τ k Congestion probability q k ≈ w k p with packet drop probability p AIMD algorithm for TCP-NewReno � w k ← w k + 1 , without congestion ; w k ← w k / 2 , with congestion Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 7 / 18

  14. Analysis Network model TCP-NewReno source One congestion window w k per RTT τ k Average flow rate x k = w k /τ k Congestion probability q k ≈ w k p with packet drop probability p AIMD algorithm for TCP-NewReno � w k ← w k + 1 , without congestion ; w k ← w k / 2 , with congestion Dynamical system model: x k = 1 � (1 − q k ) − w k � ˙ 2 q k τ 2 k Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 7 / 18

  15. Analysis Network model TCP-NewReno source − px 2 x k = 1 − τ k x k p k ˙ 2 , k = 1 , . . . , N τ 2 k Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 8 / 18

  16. Analysis Network model TCP-NewReno source − px 2 x k = 1 − τ k x k p k ˙ 2 , k = 1 , . . . , N τ 2 k Bottleneck link Aggregate rate y = � x k Bandwidth C Drop the excess packets � 1 − C/y, if y > C ; p = 0 , otherwise Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 8 / 18

  17. Analysis Attack with M bots following TCP-NewReno Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 9 / 18

  18. Analysis Attack with M bots following TCP-NewReno Theorem 1 If M bots and N − M users all follow TCP-NewReno, the dynamical system is globally asymptotically stable (GAS) √ Packet drop probability converge to p ∗ satisfying � N 1+2 /p ∗ +1 1 τ k = p ∗ C k =1 2(1 − p ∗ ) Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 9 / 18

  19. Analysis Attack with M bots following TCP-NewReno Theorem 1 If M bots and N − M users all follow TCP-NewReno, the dynamical system is globally asymptotically stable (GAS) √ Packet drop probability converge to p ∗ satisfying � N 1+2 /p ∗ +1 1 τ k = p ∗ C k =1 2(1 − p ∗ ) Proof Lyapunov function V ( x − x ∗ ) such that ˙ V ( x − x ∗ ) ≤ − W ( x − x ∗ ) − ( p − p ∗ )( y − y ∗ ) W ( x − x ∗ ) is positive definite Packet drop probability p is increasing in aggregate rate y Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 9 / 18

  20. Analysis Attack with M bots following TCP-NewReno Theorem 1 If M bots and N − M users all follow TCP-NewReno, the dynamical system is globally asymptotically stable (GAS) √ Packet drop probability converge to p ∗ satisfying � N 1+2 /p ∗ +1 1 τ k = p ∗ C k =1 2(1 − p ∗ ) Implication For the same RTT τ , the link usage ratio of users is 1 − M/N Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 10 / 18

  21. Analysis Attack with M bots following TCP-NewReno Theorem 1 If M bots and N − M users all follow TCP-NewReno, the dynamical system is globally asymptotically stable (GAS) √ Packet drop probability converge to p ∗ satisfying � N 1+2 /p ∗ +1 1 τ k = p ∗ C k =1 2(1 − p ∗ ) Implication For the same RTT τ , the link usage ratio of users is 1 − M/N A target value p ∗ can be achieved by enough bots so that √ 1+2 /p ∗ +1 N ≥ p ∗ τC 2(1 − p ∗ ) Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 10 / 18

  22. Analysis Attack with M bots following a modified TCP Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 11 / 18

  23. Analysis Attack with M bots following a modified TCP Modified TCP source Internal state ξ j that follows the AIMD algorithm for TCP-NewReno Flow rate x j = λ j ξ j with gain λ j ≥ 0 Drive the congestion probability to target value q 0 by slowly adjusting λ j : ˙ λ j = γ j ξ j ( q 0 − q j ) + λ j Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 11 / 18

  24. Analysis Attack with M bots following a modified TCP Theorem 2 If N − M users follow TCP-NewReno and M bots follow the modified TCP, the dynamical system is GAS Congestion probability converge to target value q 0 for any M Yang et al. (UCSB, UW, WPI) Coremelt ACC2018 12 / 18

Recommend

AN INTEGRATED APPROACH TO MODELING AND MITIGATING SOFC FAILURE Andrei Fedorov, Comas Haynes,

AN INTEGRATED APPROACH TO MODELING AND MITIGATING SOFC FAILURE Andrei Fedorov, Comas Haynes,

AN INTEGRATED APPROACH TO MODELING AND MITIGATING SOFC FAILURE Andrei Fedorov, Comas Haynes, Jianmin Qu Georgia Institute of Technology DE-AC26-02NT41571 Program Managers: Travis Shultz National Energy Technology Laboratory Outline First

642 views • 40 slides
Mitigating Multiple professionals can mitigate even previously unknown vectors: security gap from

Mitigating Multiple professionals can mitigate even previously unknown vectors: security gap from

By recognizing the four main categories of attack, security Security professionals need to understand how to plug the Mitigating Multiple professionals can mitigate even previously unknown vectors: security gap from Layers 3 to 7, and protect

387 views • 9 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
Modeling Electronic Attack (U) Jose M. Gonzalez Chief Modeling & Simulation Support Branch

Modeling Electronic Attack (U) Jose M. Gonzalez Chief Modeling & Simulation Support Branch

UNCLASSIFIED // FOR OFFICIAL USE ONLY Distribution authorized to U.S. Government agencies and their contractors; critical technology (July 2009). Other request for this document shall be referred to Director, U.S. Army Research Laboratory, ATTN:

325 views • 13 slides
HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet

HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet

HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet Measurement Systems Workshop (AIMS) February 6-8, 2013 Ann Cox, PhD. Program Manager Cyber Security Division Homeland Security Advanced Research

545 views • 21 slides
Mitigating Seabird Mitigating Seabird Interactions with Interactions with Trawl Nets Trawl

Mitigating Seabird Mitigating Seabird Interactions with Interactions with Trawl Nets Trawl

Mitigating Seabird Mitigating Seabird Interactions with Interactions with Trawl Nets Trawl Nets Clement & Associates Ltd FISHERIES ADVISORS & ANALYSTS Objectives Objectives Characterise the nature and extent of

730 views • 35 slides
Mitigating Stress: What Neuroscience Teaches Us About Virtual Work and Collaboration Ryan J.

Mitigating Stress: What Neuroscience Teaches Us About Virtual Work and Collaboration Ryan J.

Mitigating Stress: What Neuroscience Teaches Us About Virtual Work and Collaboration Ryan J. Mullenix , AIA Megha Parekh Sinha , AICP, LEED AP BD+C Partner, NBBJ Principal, NBBJ Mitigating Stress Dr. John Medina Professor of Bioengineering,

1.01k views • 33 slides
ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks Yandong Li* 1 Lijun Li* 1 Liqiang Wang 1 Tong Zhang 2 Boqing Gong 3 *Equal Contribution 1 University of Central Florida 2 Hong

440 views • 11 slides
Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know. Current biological diagnostics are very effective at identifying agents, but theyre slow. We already have an infrastruc- ture in place to

233 views • 8 slides
ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT & Return-to-plt Attack & GOT Overwrite Attack Dr. Si Chen (schen@wcupa.edu) Review Page 2 ret2libc Attack Page 3 libc C standard library Provides

662 views • 36 slides
Draft Mitigating COVID-19 Impacts in the Workplace Policy Personnel Committee Meeting June

Draft Mitigating COVID-19 Impacts in the Workplace Policy Personnel Committee Meeting June

Draft Mitigating COVID-19 Impacts in the Workplace Policy Personnel Committee Meeting June 3, 2020 TRANSFORMING WASTEWATER TO RESOURCES Background Mitigating COVID-19 Impacts Ensuring the health and safety of District employees is

397 views • 10 slides
Mitigating Geomagnetic Induced Currents Using Surge Arresters ALBERTO RAMIREZ MITIGATING

Mitigating Geomagnetic Induced Currents Using Surge Arresters ALBERTO RAMIREZ MITIGATING

Mitigating Geomagnetic Induced Currents Using Surge Arresters ALBERTO RAMIREZ MITIGATING GEOMAGNETIC INDUCED CURRENTS USING SURGE ARRESTERS Alberto Ramirez Orquin Vanessa Ramirez University of Puerto Rico

656 views • 29 slides
.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS Attack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos Attacks Few

606 views • 14 slides
Mitigating Composite Pain 1. What are my reporting requirements 2. Why are we here MCP

Mitigating Composite Pain 1. What are my reporting requirements 2. Why are we here MCP

Mitigating Composite Pain 1. What are my reporting requirements 2. Why are we here MCP OVERVIEW 3. Make Safe Short term 4. Remediation Cost Mitigation 5. Project Delivery WHY ARE WE HERE? A Brief History of Combustible Cladding Fires

181 views • 16 slides
A New Side-Channel Attack on RSA Prime Generation Thomas Finke, Max Gebhardt, Werner Schindler

A New Side-Channel Attack on RSA Prime Generation Thomas Finke, Max Gebhardt, Werner Schindler

A New Side-Channel Attack on RSA Prime Generation Thomas Finke, Max Gebhardt, Werner Schindler Federal Office for Information Security (BSI), Germany Lausanne, September 7, 2009 Outline r Introduction and Motivation r The Attack r Basic attack

514 views • 25 slides
Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed

Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed

Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed Abdelraheem, Huda AlKhzaimi, and Erik Zenner DTU Mathematics

598 views • 37 slides
Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack Summary : The attack was severe and sophisticated; categorized as a catastrophic attack. It was highly strategic with regard to timing

329 views • 16 slides
TCPDB.DAT case Archive file signatures Attack surface Attack vectors Defense Conclusions P A

TCPDB.DAT case Archive file signatures Attack surface Attack vectors Defense Conclusions P A

Introduction Motivation SAP compression algorithms Archive file programs SAP archive file formats CAR SAR v2.00 SAR v2.01 Relative/absolute paths TCPDB.DAT case Archive file signatures Attack surface Attack vectors

913 views • 49 slides
ASCs 5.1 Surround ATTACK Wall walls and corners. Its name, ATTACK is an acronym that

ASCs 5.1 Surround ATTACK Wall walls and corners. Its name, ATTACK is an acronym that

December 7-8, 2001, Beverly Hills, CA. Corporation, at the Surround 2001 International Conference and Technology Showcase, .E., President of Acoustic Sciences Transcript of a seminar presented by Arthur Noxon P ASCs 5.1 Surround ATTACK Wall

243 views • 6 slides
Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems

Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems

Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems Nothing is in isolation Attack surface An attack surface is the total number of possible attack vectors Think of a house, with the

309 views • 15 slides
Upset Prevention & Recovery Training (UPRT) Why Mitigating Loss of Control In-Flight Matters

Upset Prevention & Recovery Training (UPRT) Why Mitigating Loss of Control In-Flight Matters

Upset Prevention & Recovery Training (UPRT) Why Mitigating Loss of Control In-Flight Matters Karl Schlimm, Director of Flight Operations Aviation Performance Solutions Why Mitigating the Loss of Control In-Flight Threat Matters Thank You

404 views • 39 slides
Understanding and Mitigating the Impacts of Illegal CFC-11 Use in the Production of Polyurethane

Understanding and Mitigating the Impacts of Illegal CFC-11 Use in the Production of Polyurethane

Understanding and Mitigating the Impacts of Illegal CFC-11 Use in the Production of Polyurethane Foams Clare Perry Environmental Investigation Agency (EIA) International Symposium On The Unexpected Increase in Emissions of Ozone-Depleting

348 views • 18 slides
Attack Class: Address Spoofing L. Todd Heberlein 23 Oct 1996 Net Squared Inc. todd@NetSQ.com

Attack Class: Address Spoofing L. Todd Heberlein 23 Oct 1996 Net Squared Inc. todd@NetSQ.com

Attack Class: Address Spoofing L. Todd Heberlein 23 Oct 1996 Net Squared Inc. todd@NetSQ.com Overview of Talk l Introduction l Background material l Attack class l Example attack l Popular questions l Extensions UCD Vulnerabilities Group l

759 views • 24 slides
Mitigating the Adverse Effects of Oil and Gas Development Hon. Tim Addison, Yoakum

Mitigating the Adverse Effects of Oil and Gas Development Hon. Tim Addison, Yoakum

89 TH A NNUAL W EST T EXAS C OUNTY J UDGES AND C OMMISSIONERS A SSOCIATION C ONFERENCE Thursday, April 26, 2018 8:00 8:50 a.m. Mitigating the Adverse Effects of Oil and Gas Development Hon. Tim Addison, Yoakum County, Commissioner

246 views • 10 slides

More recommend