lsad07 psp

Information about lsad07 psp

Published on October 9, 2007

Author: Breezy

Source: authorstream.com

Content

Minimizing Collateral Damage by Proactive Surge Protection:
Jerry Chou, Bill Lin (University of California, San Diego)
Subhabrata Sen, Oliver Spatscheck (AT&T Labs-Research)

Problem:
Large-scale bandwidth-based DDoS attacks can quickly knock out substantial parts of the network before reactive defenses can respond.
All traffic that shares common route links will suffer collateral damage, even if the OD pair is not under direct attack.

Problem:
The potential for large-scale bandwidth-based DDoS attacks exists: e.g. large botnets with more than 100,000 bots exist today that, when combined with the prevalence of high-speed Internet access, can give attackers multiple tens of Gb/s of attack capacity.
Moreover, core networks are oversubscribed (e.g. some core routers in Abilene have more than 30 Gb/s of incoming traffic from access networks, but only 20 Gb/s of outgoing capacity to the core).

Problem:
Router-based defenses like Random Early Drop (RED, RED-PD, etc.) can prevent congestion by dropping packets early, before congestion occurs.
But they may drop normal traffic indiscriminately, causing responsive TCP flows to degrade severely.
Approximate fair dropping schemes aim to provide fair sharing between flows.
But attackers can launch many seemingly legitimate TCP connections with spoofed IP addresses and port numbers.
Both aggregate-based and flow-based router defense mechanisms can be defeated.

Example Scenario:
Suppose that under normal conditions the traffic between Seattle/NY + Sunnyvale/NY is under 10 Gb/s.
[Figure: network map with nodes Seattle, Sunnyvale, Kansas City, Indianapolis, Houston, Atlanta and New York; three links labelled 10G]

Example Scenario:
Suppose a sudden attack between Houston/Atlanta.
Congested links suffer a high rate of packet loss.
Serious collateral damage on crossfire OD pairs.
[Figure: the same network map with the attack traffic added]

Impact on Collateral Damage:
OD pairs are classified into 3 types with respect to the attack traffic.
Even a small percentage of attack flows can affect substantial parts of the network.

Our Solution:
Provide bandwidth isolation between OD pairs, independent of IP spoofing or the number of TCP/UDP connections.
We call this method Proactive Surge Protection (PSP), as it aims to proactively limit the damage that can be caused by sudden demand surges, e.g. sudden bandwidth-based DDoS attacks.

Basic Idea: Bandwidth Isolation:
Reserve bandwidth for the expected OD pair demand.
Meter and tag packets on ingress as HIGH or LOW.
Drop LOW packets under congestion inside the network.
[Figure: the same network map, annotated "Traffic received in NY: Seattle: 3 Gb/s, Sunnyvale: 3 Gb/s, …"]

Architecture:
[Figure: architecture diagram. Labels: Forecaster, Bandwidth Allocator, Forecast Matrix, Bandwidth Allocation Matrix, Policy Plane, Data Plane, Deployed at Network Perimeter, Deployed at Network Routers, arriving packets, tagged packets, forwarded packets, dropped packets, High priority, Low priority]

Forecasting and Allocation:
We use historical network measurements as a forecast of expected normal traffic, e.g. the average weekday traffic demand at 3pm EDT over the past 2 months.
More sophisticated forecasting methods (e.g. Bayesian schemes) are possible, but simple forecasting already gives good results.
To account for forecasting inaccuracies and to provide headroom for traffic burstiness, proportionally scale the forecast matrix to fully allocate the available network capacity.

Proportional Scaling:
Iteratively scale the bandwidth allocation in a "water-filling" manner.
[Figure: bar chart of BW (axis 0 to 10) per link (BA, CB, BC, AB), labelled "1st round"; forecast matrix over nodes A, B, C with entries 1, 1.5, 1, 0.5, 2, 0.5, 1, 1.5, 1]

Networks:
Abilene: US public academic network. 11 nodes, 14 links (10Gb/s). Traffic data: 10/01/06-12/06/06.
US Backbone: US private ISP tier1 backbone network. 700 nodes, 2000 links (1.5Mb/s – 10Gb/s). Traffic data: 09/01/06-11/17/06.
Europe Backbone: Europe private ISP tier1 backbone network. 900 nodes, 3000 links (1.5Mb/s – 10Gb/s). Traffic data: 11/18/06-12/18/06.

DDoS Attack Data:
Abilene: Bottleneck links Denver, Kansas City, Indianapolis  Chicago (5G each).
US Backbone: Commercial anomaly detection alarm. Pick the alarm with the most flows, and scale their demand by 1000x.
Europe Backbone: Synthetic attack flow generator. Randomly generate attack flows among 0.1% of OD pairs.
[Figure: Abilene map with nodes Seattle, Sunnyvale, Indianapolis, Denver, Los Angeles, Kansas City, Chicago, New York, Washington, Atlanta, Houston]

Packet Drop Rate Comparison:
[Figures: packet drop rate comparison for Abilene, US and Europe]

Behavior Under Scaled Attacks:
Packet drop rate under attack demand scaled by a factor of 0 to 3x.
PSP provides greater improvement as the attack scale increases.
[Figures: one panel each for Abilene, US and Europe]

Summary of Contributions:
The proposed proactive solution provides network operators with a first line of defense when sudden DDoS attacks occur.
The solution does not depend on unauthenticated header information, and is thus robust to IP and TCP spoofing.
Minimizes collateral damage by providing bandwidth isolation between traffic.
The solution is readily deployable using existing router mechanisms.
Simulation results show up to 95.5% of the network could suffer collateral damage.
The solution reduced collateral damage by 60.5-97.8%.

Questions?
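The "Proportional Scaling" slide names the water-filling step without giving the algorithm, so the sketch below is one reading of it, added here as an example and not the authors' code. It assumes each OD pair follows one fixed route; the topology, capacities and forecast values are constructed sample data.

```python
def proportional_scaling(forecast, routes, capacity, eps=1e-9):
    """Water-filling allocation.

    forecast: {od: forecast demand}, routes: {od: [link, ...]},
    capacity: {link: capacity}. Returns {od: reserved bandwidth}.
    """
    alloc = {od: 0.0 for od in forecast}
    residual = dict(capacity)
    # OD pairs with no forecast demand reserve nothing.
    active = {od for od, d in forecast.items() if d > 0}
    while active:
        # Forecast load that the still-growing OD pairs place on each link.
        load = {link: 0.0 for link in residual}
        for od in active:
            for link in routes[od]:
                load[link] += forecast[od]
        # Largest common scale factor before the tightest link fills up.
        step = min(residual[l] / load[l] for l in load if load[l] > 0)
        for od in active:
            alloc[od] += step * forecast[od]
            for link in routes[od]:
                residual[link] -= step * forecast[od]
        # Freeze every OD pair that crosses a link that is now full.
        full = {l for l in load if load[l] > 0 and residual[l] <= eps}
        active = {od for od in active if not full & set(routes[od])}
    return alloc


def link_usage(alloc, routes):
    """Sum the reserved bandwidth crossing each link."""
    usage = {}
    for od, links in routes.items():
        for link in links:
            usage[link] = usage.get(link, 0.0) + alloc[od]
    return usage


# Constructed sample: line topology A - B - C, four directed 10 Gb/s links.
CAPACITY = {"AB": 10.0, "BA": 10.0, "BC": 10.0, "CB": 10.0}
ROUTES = {("A", "B"): ["AB"], ("A", "C"): ["AB", "BC"], ("B", "C"): ["BC"],
          ("B", "A"): ["BA"], ("C", "B"): ["CB"], ("C", "A"): ["CB", "BA"]}
FORECAST = {("A", "B"): 1.0, ("A", "C"): 1.0, ("B", "C"): 3.0,
            ("B", "A"): 1.0, ("C", "B"): 2.0, ("C", "A"): 0.5}

if __name__ == "__main__":
    alloc = proportional_scaling(FORECAST, ROUTES, CAPACITY)
    for od, bw in sorted(alloc.items()):
        print(od, round(bw, 3))
    print(link_usage(alloc, ROUTES))
```

In this sample the B-to-C link fills in the first round and freezes the two OD pairs that cross it, while the others keep growing until every link is fully reserved.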
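The data-plane half of the idea (meter and tag on ingress, drop LOW first under congestion) can be checked with a rate-based model of one congested link. This is an added example, not code from the presentation: the single shared 10 Gb/s link, the reservations and the attacked pair's rates are constructed, and the no-PSP baseline is assumed to drop all traffic proportionally.

```python
def drop_rates(offered, reserved, capacity, psp=True):
    """Per-OD-pair drop fraction on one link (all rates in Gb/s).

    offered: {od: arriving rate}, reserved: {od: PSP allocation on this link}.
    With psp=False nothing is tagged and all traffic shares one class.
    """
    # Ingress metering: traffic within the reservation is HIGH, the excess LOW.
    # The meter is per OD pair, so opening more connections or spoofing
    # source addresses does not enlarge an OD pair's HIGH share.
    high = {od: min(rate, reserved.get(od, 0.0)) if psp else 0.0
            for od, rate in offered.items()}
    low = {od: offered[od] - high[od] for od in offered}
    high_total, low_total = sum(high.values()), sum(low.values())
    # Strict priority: HIGH is served first, LOW shares whatever is left.
    pass_high = min(1.0, capacity / high_total) if high_total else 1.0
    left = max(0.0, capacity - high_total)
    pass_low = min(1.0, left / low_total) if low_total else 1.0
    return {od: 1.0 - (high[od] * pass_high + low[od] * pass_low) / rate
            for od, rate in offered.items() if rate > 0}


# Constructed scenario: three OD pairs assumed to share one 10 Gb/s link.
LINK_GBPS = 10.0
# Forecast 3 : 3 : 2 scaled up to fill the link.
RESERVED = {"Seattle-NY": 3.75, "Sunnyvale-NY": 3.75, "Houston-Atlanta": 2.5}
NORMAL = {"Seattle-NY": 3.0, "Sunnyvale-NY": 3.0, "Houston-Atlanta": 2.0}
# Sudden surge on the attacked pair only; the other two are crossfire traffic.
ATTACK = {"Seattle-NY": 3.0, "Sunnyvale-NY": 3.0, "Houston-Atlanta": 14.0}

if __name__ == "__main__":
    for label, psp in (("without PSP", False), ("with PSP", True)):
        rates = drop_rates(ATTACK, RESERVED, LINK_GBPS, psp=psp)
        print(label, {od: round(r, 3) for od, r in rates.items()})
```

Without tagging, every OD pair on the link loses half its traffic; with PSP the crossfire pairs lose nothing and the loss is confined to the surging pair's LOW excess.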
