not a bot nab improving service availability in the face
play

NotaBot (NAB): Improving Service Availability in the Face of Botnet - PowerPoint PPT Presentation

Oct 25, 2022 •330 likes •627 views

NotaBot (NAB): Improving Service Availability in the Face of Botnet A=acks Ramakrishna (Ramki) Gummadi MIT Hari Balakrishnan (MIT), Petros Maniatis and Sylvia Ratnasamy (Intel Research) The problem: Service unavailability Bounced email

  1. Not‐a‐Bot (NAB): Improving Service Availability in the Face of Botnet A=acks Ramakrishna (Ramki) Gummadi MIT Hari Balakrishnan (MIT), Petros Maniatis and Sylvia Ratnasamy (Intel Research)

  2. The problem: Service unavailability Bounced email Misclassified email NSDI 2009 2

  3. Botnets: Reduce service availability  Email: 85% of spam from top six botnets • Over 95% of all inboxes affected • 120 billion messages/day: Overloaded mail servers  DDoS: 4000 attacks/week [Moore et al.,’06] QuesEon: General way to disEnguish bots from humans?  Click-fraud: ad fraud, search engine fraud • ~ 15% of all ad clicks • Compromise search results NSDI 2009 3

  4. ExisEng soluEons CAPTCHAs User Account Control Drawback: Intrusive Drawback: Default “yes” [Whitten,Tygar ’99] How to disEnguish humans from bots automaEcally? NSDI 2009 4

  5. Strawman: A=esEng human acEvity with Trusted PlaMorm Modules Attested Keystrokes Keystrokes NSDI 2009 5

  6. Problems with the strawman Attested Keystrokes Browser OS Slow High-rate clicks NSDI 2009 6

  7. AssumpEons and Requirements  Assumptions • Untrusted OS • Verifiable TPM bootup • Correct implementation of cryptographic primitives  Requirements • Automatic • Fast (handle interactive traffic) • Small TCB (Trusted Computing Base) • Preserve privacy and anonymity NSDI 2009 7

  8. TPM Background  Small, physically sealed chip  Internal private key for measuring and reporting system integrity  Two relevant protocols • Direct anonymous attestation  Group signatures using a key K priv • Sealed storage  Secure location to store until system integrity K priv verified NSDI 2009 8

  9. NAB (Not‐A‐Bot) Architecture Web Server Browser Verifier OS A"ester TPM A=ested TCB requests Network  Goal: Attest all human requests, reduce attested bot requests • No blacklisting: human requests from compromised hosts still receive service NSDI 2009 9

  10. A=estaEon security properEes  Non-transferable • Cannot generate at one host, use at another  Bound to request content • No way to send spam from bots using one gmail account  Single-use (verifier detects dupes)  Limited valid time-window NSDI 2009 10

  11. When to a=est?  Simple, timing-based attestation • Requires human activity  Allow attestation when request received within δ {k,m} of last keyboard, mouse click  Attester provides attestation only if δ {k,m} < Δ {k,m} (= 1s for email) • Verifier checks δ {k,m} in attestation for validity  Reduces click harvesting NSDI 2009 11

  12. What to a=est?  Challenger-specific To: bob@b.org • Cannot be retargeted From: alice@a.org Hi Bob,…  Responder-specific • Cannot exploit manually configured whitelisting  Content-specific • Cannot modify or piggyback on valid messages NSDI 2009 12

  13. What is in an a=estaEon?  Signed SHA-1 hash of message  160-bit signed nonce • Verifier stores nonces for application-defined period, checks duplicates  Optional δ {k,m} values (omitted for privacy)  Certificate to verify K priv Siged Attestation K priv {H(msg)} δ m , δ k } certified K pub Nonce K priv { NSDI 2009 13

  14. A=ester Interfaces User req(h(msg), type, kbd, mouse clicks , , PID) ¢ ¢ A=ester App m k OS Measure integrity, A=estaEon release cerEfied TPM {K pub, K priv } at boot Type: Anonymous or non-anonymous PID: Delayed attestation release for a process NSDI 2009 14

  15. A=ester OperaEon  Installation: Set to use TPM register# 18: PCRExtend (18, Hash(Attester Code))  Sealing private key K priv to host: S=Seal (18,K priv ) K priv  Booting: Release K priv to attester: K priv =Unseal (S,(18,PCR 18 )) Recomputed attester’s hash NSDI 2009 15

  16. Verifier OperaEon  Checks validity of K priv , attestation, nonce  Uses application-specific policies  Email: mail Below spam assassin threshold? yes no Forward A=ested? no yes Nonce valid? Discard yes no Forward Discard NSDI 2009 16

  17. Email: Usage scenarios and incenEves  Mailing lists • Verifier checks subscription to mailing list name in “To:” field  Offline mode • Attestation requested when user hits “send”  Sender incentive • Better email reliability  Recipient incentive • Reduced mail server load, better reliability NSDI 2009 17

  18. Request processing at verifier Attested Requests Overloaded email, web server Unattested PrioriEze a=ested requests NSDI 2009 18

  19. DDoS, Click‐fraud: Usage and incenEves  Browser gets attestation when requesting document root (“http://foo.com/”) • Verifier stores attestation, accepts same attestation in future for all embedded links • 10 minutes expiry  Browser forced to use new attestation for next fetch  Incentive: Attester distributed in search engine toolbars NSDI 2009 19

  20. EvaluaEon  Implemented attester with Xen VMM • Uses domain disaggregation [Murray et al.,’08] • Attester within a paravirtualized Xen domain built with miniOS, isolated from untrusted OS  Trace-driven verifier evaluation • Click traces of 328 users in one month [Giroire et al.,’08] • Publicly available spam, DDoS and click-fraud traces • Worst-case scenario with adaptive bots NSDI 2009 20

  21. A=ester evaluaEon  CPU cost: At most 10 ms on 2 GHz CPU • RSA signatures, 1024-bit modulus  Complexity metric: lines of code • Attester kernel module: 500 lines • miniOS: 30,000 lines  Applications: NET::SMTP (Email), cURL (Web) • 250 lines of code modified • Attestations as extended protocol objects NSDI 2009 21

  22. Verifier evaluaEon  Methodology: 328 click traces at 1s intervals • Adaptive bot: steals as many clicks as possible • Generates traffic using all stolen clicks • Compare against status quo (normal bot without NAB) within the same time • 328 data points, one for each user’s trace  Other metrics • Nonce storage cost (< 600 GB for one-month nonces with million clients) • Throughput: 10,000 attestations/s NSDI 2009 22

  23. Spam miEgaEon Default: 1.5% missed spam, 0.08% misclassified as spam NAB reduces inbox spam by 90% NAB: 0.15% missed spam, 0% misclassified as spam NSDI 2009 23

  24. Email server overload miEgaEon No trace sees more than 8% prioritized spam NAB reduces email server overload by at least 92% NSDI 2009 24

  25. DDoS miEgaEon No trace sees more than 11% prioritized DDoS NAB miEgates 89% of DDoS requests NSDI 2009 25

  26. Click‐fraud miEgaEon No trace sees more than 13% click-fraud traffic NAB reduces click‐fraud by 87% NSDI 2009 26

  27. Related work  Human activity detection • CAPTCHAs [Ahn et al.,’03]  Susceptible to man-in-the-middle attack • Nexus [Williams et al.,’08]  Not for commodity OSes  Mitigating spam, DDoS, click-fraud • Spam: Occam [Fleizach et al.,’07], SPF, DKIM • DDoS: Path validation, bandwidth-as-payment • Click-fraud: Syndicators, clickable CAPTCHAs • Mostly specialized, share little commonality NSDI 2009 27

  28. Conclusions  NAB: Improves service availability in the presence of botnets • Even on botted hosts, users get ~ 100% service  No blacklisting • De-prioritize or drop up to 90% bot traffic  Automatic content- and machine-specific attestations  Single abstraction, support for application- specific verifier policies  Future work: Attestation without virtualization NSDI 2009 28

Recommend

Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction

Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction

Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction to the problem Architecture of NAB A way to attest human-generated traffic Use of attestation to mitigate presented problems Results

418 views • 25 slides
Not-A-Bot: Improving Service Availability in the Face of Botnet Attacks R. Gummadi, H.

Not-A-Bot: Improving Service Availability in the Face of Botnet Attacks R. Gummadi, H.

CS 598-PBG Presented by Ashish Vulimiri Not-A-Bot: Improving Service Availability in the Face of Botnet Attacks R. Gummadi, H. Balakrishnan, P . Maniatis, S. Ratnasamy Presented by: Ashish Vulimiri Images lifted from paper/authors NSDI09

560 views • 30 slides
Improving availability of ASF Challenges and Opportunities Khieu Borin Director General for

Improving availability of ASF Challenges and Opportunities Khieu Borin Director General for

FEED THE FUTURE INNOVATION LAB FOR LIVESTOCK SYSTEMS University of Florida Global Nutrition Symposium Theme: Nurturing development: Improving human nutrition with animal-source foods March 29 to 30, 2017 Improving availability of ASF Challenges

431 views • 20 slides
CES/NMSBA LEADERSHIP DEVELOPMENT SCHEDULE OF FOUR FACE TO FACE SESSIONS IMPROVING STUDENT

CES/NMSBA LEADERSHIP DEVELOPMENT SCHEDULE OF FOUR FACE TO FACE SESSIONS IMPROVING STUDENT

CES/NMSBA LEADERSHIP DEVELOPMENT SCHEDULE OF FOUR FACE TO FACE SESSIONS IMPROVING STUDENT ACHIEVEMENT THROUGH COMMUNITY ENGAGEMENT (KEY WORK OF SCHOOL BOARDS) POWERS AND DUTIES OF THE BOARD DECEMBER TRAINING Overview of the major

457 views • 6 slides
High Availability with the openais project Prepared by: Steven Dake 7/12/05 Agenda Service

High Availability with the openais project Prepared by: Steven Dake 7/12/05 Agenda Service

High Availability with the openais project Prepared by: Steven Dake 7/12/05 Agenda Service Availability Forum Reliability and Availability Application Interface Specification Service Availability Forum Mission The Service

256 views • 24 slides
Improving Client Web Availability with MONET David G. Andersen, CMU Hari Balakrishnan, M. Frans

Improving Client Web Availability with MONET David G. Andersen, CMU Hari Balakrishnan, M. Frans

Improving Client Web Availability with MONET David G. Andersen, CMU Hari Balakrishnan, M. Frans Kaashoek, Rohit Rao, MIT http: //nms.csail.mit.edu/ron/ronweb/ Availability We Want Carrier Airlines (2002 FAA Fact Book) 41 accidents,

701 views • 55 slides
Hom e H Healt h Service ces and Fa Face-t o-Face Encount er Requirem ent s Guest Presenters

Hom e H Healt h Service ces and Fa Face-t o-Face Encount er Requirem ent s Guest Presenters

Hom e H Healt h Service ces and Fa Face-t o-Face Encount er Requirem ent s Guest Presenters Alexandra Koloskus, JD Matt Colussi June 2017 Our r Mission I mproving health care access and outcomes for the people we serve while

448 views • 20 slides
Improving RGB-D face recognition via transferring pretrained 2D networks Xingwang Xiong, Xu Wen,

Improving RGB-D face recognition via transferring pretrained 2D networks Xingwang Xiong, Xu Wen,

Improving RGB-D face recognition via transferring pretrained 2D networks Xingwang Xiong, Xu Wen, and Cheng Huang INSTITUTE O https://github.com/XingwXiong/Face3D-Pytorch OF C COMPUTING T TECHNOLOGY 3D Face Recognition Algorithm Challenge

521 views • 13 slides
GRETB Adult Guidance and Information Service Pre-Covid 19 Face to Face One to One/Group

GRETB Adult Guidance and Information Service Pre-Covid 19 Face to Face One to One/Group

GRETB Adult Guidance and Information Service Pre-Covid 19 Face to Face One to One/Group Guidance and Information Session in 41 FET Centres throughout the region Phone/Email/Drop in Information Queries Team Meeting held once a month

440 views • 18 slides
An Architectural Approach for Improving Availability in Web Services Evangelos Parchas and

An Architectural Approach for Improving Availability in Web Services Evangelos Parchas and

An Architectural Approach for Improving Availability in Web Services Evangelos Parchas and Rogrio de Lemos Computing Laboratory - University of Kent at Canterbury, UK Motivation Architectural pattern Implementation and results

306 views • 12 slides
LIFE WELL PLANNED CHAIRMANS MESSAGE Combining good old fashioned face-to-face service with real

LIFE WELL PLANNED CHAIRMANS MESSAGE Combining good old fashioned face-to-face service with real

LIFE WELL PLANNED CHAIRMANS MESSAGE Combining good old fashioned face-to-face service with real value for our Clients has brought Globaleye to where we are today. We complement this with some of the most innovative online solutions which help

497 views • 13 slides
Improving the regulation of generic medicines in Australia Facilitating timely availability of

Improving the regulation of generic medicines in Australia Facilitating timely availability of

Improving the regulation of generic medicines in Australia Facilitating timely availability of high quality and affordable medicines to the Australian public Dr Michael Ernst-Russell Principal Evaluator Pharmaceutical Chemistry Section

409 views • 17 slides
eBook Challenges Libraries face a Libraries face a challenge of challenge of discoverability

eBook Challenges Libraries face a Libraries face a challenge of challenge of discoverability

ReadersFirst A movement to improve e-book access &amp; services for public library users eBook Challenges Libraries face a Libraries face a challenge of challenge of discoverability and availability in that access from eBook some publishers

716 views • 19 slides
High Availability with the openais project Prepared by: Steven Dake October 2005 Agenda

High Availability with the openais project Prepared by: Steven Dake October 2005 Agenda

High Availability with the openais project Prepared by: Steven Dake October 2005 Agenda Service Availability Forum Reliability and Availability Application Interface Specification The openais project Service Availability Forum

547 views • 26 slides
Dog Warden Service Dog Warden Service The dog warden service works towards improving quality of

Dog Warden Service Dog Warden Service The dog warden service works towards improving quality of

Dog Warden Service Dog Warden Service The dog warden service works towards improving quality of life now and for The dog warden service works towards improving quality of life now and for future generations by helping to create a healthier

301 views • 14 slides
Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation

Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation

Improving Cross-database Face Presentation Attack Detection via Adversarial Domain Adaptation Guoqing Wang 1,3 , Hu Han , 1,2 , Shiguang Shan 1,2,3,4 , and Xilin Chen 1,3 1 Key Laboratory of Intelligent Information Processing of Chinese Academy

130 views • 8 slides
Face detection, local features face alignment, and Face detection

Face detection, local features face alignment, and Face detection

12/6/2013 Lecture overview Brief introduction to Face detection, local features face alignment, and Face detection http://www.ima.umn.edu/2008-2009/MM8.5-14.09/activities/Wohlberg-Brendt/sift.png face image parsing

238 views • 11 slides
for High Availability Martin Thompson - @mjpt777 What Is High Availability ?

for High Availability Martin Thompson - @mjpt777 What Is High Availability ?

Event Sourced Architectures for High Availability Martin Thompson - @mjpt777 What Is High Availability ? Availability refers to ability of the user community to access a system not about Uptime! By High availability we

814 views • 19 slides
Face Cover Face Coverings In School Guidelines Face Coverings Face Coverings and PPE Cloth

Face Cover Face Coverings In School Guidelines Face Coverings Face Coverings and PPE Cloth

Face Cover Face Coverings In School Guidelines Face Coverings Face Coverings and PPE Cloth face coverings protect others if the wearer is infected with SARS CoV-2 and is not aware. Cloth masks may offer some level of protection for the

197 views • 5 slides
Quality of Service Quality of Service Principles, IntServ, RSVP, DiffServ Improving QOS in IP

Quality of Service Quality of Service Principles, IntServ, RSVP, DiffServ Improving QOS in IP

Quality of Service Quality of Service Principles, IntServ, RSVP, DiffServ Improving QOS in IP Networks Improving QOS in IP Networks IETF groups are working on proposals to provide better QOS control in IP networks, i.e., going beyond best

470 views • 27 slides
A MAZON S3 Simple storage service Launched: March 14, 2006 Simple key/value storage

A MAZON S3 Simple storage service Launched: March 14, 2006 Simple key/value storage

A MAZON S3: A RCHITECTING FOR R ESILIENCY IN THE F ACE OF M ASSIVE L OAD Jason McHugh S ETTING THE S TAGE Architecting for Resiliency in the Face of Massive Load Resiliency &gt; High availability Massive load 1. Many requests 2.

845 views • 46 slides
PERFORMANCE FAULT TOLERANCE AVAILABILITY FEATURE VELOCITY PERFORMANCE FAULT TOLERANCE

PERFORMANCE FAULT TOLERANCE AVAILABILITY FEATURE VELOCITY PERFORMANCE FAULT TOLERANCE

PERFORMANCE FAULT TOLERANCE AVAILABILITY FEATURE VELOCITY PERFORMANCE FAULT TOLERANCE AVAILABILITY SERVICE A SERVICE B SERVICE C SERVICE D SERVICE E SERVICE F SERVICE G SERVICE A SERVICE B SERVICE C SERVICE D SERVICE E SERVICE F

787 views • 50 slides
Path to IPv4 Exhaustion are w e Are we Ready to face it? A Presenter: Madhvi Gokool,

Path to IPv4 Exhaustion are w e Are we Ready to face it? A Presenter: Madhvi Gokool,

Path to IPv4 Exhaustion are w e Are we Ready to face it? A Presenter: Madhvi Gokool, Registration Service Manager AFRINIC Ltd re we ready to face it PAre we ready to face it? In brief, this presentation will briefly go through the topics

517 views • 37 slides
Improving homes and lives every day. Service Coordination Business Unit Improving homes and lives

Improving homes and lives every day. Service Coordination Business Unit Improving homes and lives

Improving homes and lives every day. Service Coordination Business Unit Improving homes and lives every day. Agenda Whats New Department Updates - Heather Follow Up: Things to Remember Operations Updates Annette QA

565 views • 23 slides

More recommend