Not‐a‐Bot (NAB): Improving Service Availability in the Face of Botnet A=acks
Ramakrishna (Ramki) Gummadi MIT
Hari Balakrishnan (MIT), Petros Maniatis and Sylvia Ratnasamy (Intel Research)
NotaBot (NAB): Improving Service Availability in the Face of Botnet - - PowerPoint PPT Presentation
NotaBot (NAB): Improving Service Availability in the Face of Botnet A=acks Ramakrishna (Ramki) Gummadi MIT Hari Balakrishnan (MIT), Petros Maniatis and Sylvia Ratnasamy (Intel Research) The problem: Service unavailability Bounced email
Hari Balakrishnan (MIT), Petros Maniatis and Sylvia Ratnasamy (Intel Research)
NSDI 2009
2
Misclassified email Bounced email
NSDI 2009
3
NSDI 2009
4
CAPTCHAs User Account Control
NSDI 2009
5
Keystrokes Attested Keystrokes
NSDI 2009
6 Attested Keystrokes
OS Browser Slow High-rate clicks
NSDI 2009
7
NSDI 2009
8
Kpriv Kpriv
NSDI 2009
9
A"ester
A=ested requests TPM OS Browser Network
Verifier
Web Server TCB
NSDI 2009
10
NSDI 2009
11
NSDI 2009
12
NSDI 2009
13
Kpriv{H(msg)} δm, δk} Siged Nonce Kpriv{ certified Kpub
NSDI 2009
14
A=ester
TPM
k
m
OS App
NSDI 2009
15
Recomputed attester’s hash
NSDI 2009
16
Below spam assassin threshold? yes Forward mail no A=ested? yes no Discard Forward Nonce valid? Discard yes no
NSDI 2009
17
NSDI 2009
18
Requests Attested Unattested Overloaded email, web server
NSDI 2009
19
NSDI 2009
20
NSDI 2009
21
NSDI 2009
22
NSDI 2009
23
Default: 1.5% missed spam, 0.08% misclassified as spam NAB: 0.15% missed spam, 0% misclassified as spam
NSDI 2009
24
No trace sees more than 8% prioritized spam
NSDI 2009
25
No trace sees more than 11% prioritized DDoS
NSDI 2009
26
No trace sees more than 13% click-fraud traffic
NSDI 2009
27
NSDI 2009
28