Dixit Verma Characterization and Implications of Flash Crowds and DoS attacks on websites
|
|
- Daniela Parks
- 5 years ago
- Views:
Transcription
1 Characterization and Implications of Flash Crowds and DoS attacks on websites Dixit Verma Department of Electrical & Computer Engineering Missouri University of Science and Technology 9 Feb 2017
2 Presentation Overview Introduction Characteristics Analysis of Flash Events Analysis of DoS Attacks Server Strategy Conclusion 9 Feb 2017 Presentation Overview 2
3 Presentation Overview Introduction Characteristics Analysis of Flash Events Analysis of DoS Attacks Server Strategy Conclusion 9 Feb 2017 Presentation Overview 3
4 Introduction Flash crowds and DoS attacks often overload web sites to a point when their services are degraded or disrupted entirely Flash events are created by unusual but legitimate traffic e.g.? DoS attacks contain malicious requests with the intention of disrupting normal operation of the site 9 Feb 2017 Presentation Overview 4
5 Introduction Sometimes the occurrence of events is known in advance An on-line play-along website for a popular TV program may receive more visitors during a broadcast URL s advertised during an event (football games) e.g.? but that s not the case always Due to the September 2011 terrorist attack, cnn.com observed dramatic increase in requests 9 Feb 2017 Presentation Overview 5
6 Introduction DoS attacks contain malicious requests with the intention of disrupting normal operation of the site e.g. TCP SYN, http flooding Attackers generally use multiple compromised hosts Effects on a website: Website unable to server the legitimate users In most cases the server crashes or the website has to be taken offline 9 Feb 2017 Presentation Overview 6
7 Presentation Overview Introduction Characteristics Analysis of Flash Events Analysis of DoS Attacks Server Strategy Conclusion 9 Feb 2017 Presentation Overview 7
8 Characteristics Traffic Patterns Let s us know how much resources are needed Helps articulate when the server is overwhelmed and defensive measures are required Client Characteristics Can help in distinguishing legitimate and malicious users Client clustering : aggregate clients into groups belonging to a same administrative domain Uses a set of network prefixes obtained from BGP tables 9 Feb 2017 Presentation Overview 8
9 Characteristics File Reference Additional differentiator to rule out suspicious activities Aggregation of reference patterns of users and client clusters 9 Feb 2017 Presentation Overview 9
10 Presentation Overview Introduction Characteristics Analysis of Flash Events Analysis of DoS Attacks Server Strategy Conclusion 9 Feb 2017 Presentation Overview 10
11 Analysis of Flash Events HTTP traces from two events were analysed One from a popular TV show (Play-along) and another from Chilean election site at the time of presidential election 9 Feb 2017 Presentation Overview 11
12 Analysis of Flash Events Traffic Volume: The below table summarizes the number of request, documents and clients found in the traces 9 Feb 2017 Presentation Overview 12
13 Analysis of Flash Events Characterizing Clients The below figure shows the number of distinct clients and client clusters accessing the site in 10 sec interval change 9 Feb 2017 Presentation Overview 13
14 Analysis of Flash Events The spikes in request volumes during an flash event correspond closely with the number of clients accessing the site 9 Feb 2017 Presentation Overview 14
15 Analysis of Flash Events Characterizing File Reference For the two traces, over 60% of the documents were accessed during the flash events 9 Feb 2017 Presentation Overview 15
16 Analysis of Flash Events The figure plots the cumulative fraction of the requests for the documents listing most popular first Less than 10% of the most popular documents account for more than 90% of requests Intelligent caching of these documents can solve the Flash Event problem 9 Feb 2017 Presentation Overview 16
17 Presentation Overview Introduction Characteristics Analysis of Flash Events Analysis of DoS Attacks Server Strategy Conclusion 9 Feb 2017 Presentation Overview 17
18 Analysis of DoS Attacks Password cracking and DoS attacks are considered similar as the end goal is to discard these requests Two log files were analyzed, esg and ol recorded more than 1 million request within 60 days 9 Feb 2017 Presentation Overview 18
19 Analysis of DoS Attacks The figure shows request rates in password cracking DoS attacks to esg and ol 9 Feb 2017 Presentation Overview 19
20 Analysis of DoS Attacks 401 requests are considered as password cracking attempts 9 Feb 2017 Presentation Overview 20
21 Analysis of DoS Attacks In figure each peak was made by the same IP address sending requests per second Increase in request rate occurs due to increase in per-client request rate Increase in number of new client clusters not seen by site before the attack but found during the attack For esg trace 0.6% of the clusters seen during the attack were old clusters and for ol they were 0.1% 9 Feb 2017 Presentation Overview 21
22 Code Red Trace Researchers studied trace of Code Red where log file recorded access from infected computers Attack started with few requests with a surge of requests later as new clusters join the attack Different from flash events as FE s do not have increase in new cluster arrivals 9 Feb 2017 Presentation Overview 22
23 Code Red Trace 9 Feb 2017 Presentation Overview 23
24 Code Red Trace Requests per client Cluster distribution of requests 9 Feb 2017 Presentation Overview 24
25 Flash events vs DoS attacks Characteristic Flash Events DoS Attacks Traffic Volume No. of clients and their distribution Cluster overlap Both have a noticeable increase in terms of number of requests. The length peaks can be large or small depending on the episode. Caused mostly by an increase in number of users accessing the website. Significant overlap between clusters a site sees before and during FE. Caused either by an increase in no. of clients or per client requests. Cluster overlap is very small. Per client Per client request rates are Some DoS attacks involve a few Request rates lower as number of clients emitting very high request legitimate clients access the rates and some involve large Web Site. amount of clients generating a low request rate. But per client request rate remains abnormal. 9 Feb 2017 Presentation Overview 25
26 Presentation Overview Introduction Characteristics Analysis of Flash Events Analysis of DoS Attacks Server Strategy Conclusion 9 Feb 2017 Presentation Overview 26
27 Server Strategy Differentiate between malicious and normal requests Monitor the clients and their request rate Periodic clustering over the client set accumulated in past without DoS or FE s. When performance degrades, discard packets from clients not belonging to old clusters 9 Feb 2017 Presentation Overview 27
28 Presentation Overview Introduction Characteristics Analysis of Flash Events Analysis of DoS Attacks Server Strategy Conclusion 9 Feb 2017 Presentation Overview 28
29 Conclusion Flash crowd and DoS may exhibit similar traffic pattern but can be differentiated by Per client request rates Cluster overlap These metrics can help distinguish legitimate traffic from malicious traffic which can be blocked accordingly 9 Feb 2017 Presentation Overview 29
30 References Jaeyeon Jung, Balachander Krishnamurthy, and Michael Rabinovich, Flash Crowds and Denial of Service attacks: Characterization and implications for CDN s and Web Sites in Proceedings of the ACM WWW, Honolulu, HI, May 2002, pp Nishi-Waseda, Shinjuku-ku, Methods of Distinguishing Flash Crowds from Spoofed DoS Attacks, Next Generation Internet Networks, 3rd EuroNGI Conference Feb 2017 Presentation Overview 30
Chapter 7. Denial of Service Attacks
Chapter 7 Denial of Service Attacks DoS attack: An action that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources such as central processing units (CPU),
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks
Security+ Guide to Network Security Fundamentals, Fourth Edition Network Attacks Denial of service Attacks Introduction: What is DoS? DoS attack is an attempt (malicious or selfish) by an attacker to cause
More informationDENIAL OF SERVICE ATTACKS
DENIAL OF SERVICE ATTACKS Ezell Frazier EIS 4316 November 6, 2016 Contents 7.1 Denial of Service... 2 7.2 Targets of DoS attacks... 2 7.3 Purpose of flood attacks... 2 7.4 Packets used during flood attacks...
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (7 th Week) 7. Denial-of-Service Attacks 7.Outline Denial of Service Attacks Flooding Attacks Distributed Denial of Service Attacks Application Based
More informationDenial of Service (DoS)
Flood Denial of Service (DoS) Comp Sci 3600 Security Outline Flood 1 2 3 4 5 Flood 6 7 8 Denial-of-Service (DoS) Attack Flood The NIST Computer Security Incident Handling Guide defines a DoS attack as:
More informationResources and Credits. Definition. Symptoms. Denial of Service 3/3/2010 COMP Information on Denial of Service attacks can
Resources and Credits Denial of Service COMP620 Information on Denial of Service attacks can be found on Wikipedia. Graphics and some text in these slides was taken from the Wikipedia site The textbook
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 8 Denial of Service First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Denial of Service denial of service (DoS) an action
More informationDistinguishing DDoS Attacks from Flash Crowds Using Probability Metrics
Li, Ke, Zhou, Wanlei, Li, Ping, Hai, Jing and Liu, Jianwen 2009, Distinguishing DDoS attacks from flash crowds using probability metrics, in NSS 2009 : Proceedings of the third International Conference
More informationNetwork Security. Chapter 0. Attacks and Attack Detection
Network Security Chapter 0 Attacks and Attack Detection 1 Attacks and Attack Detection Have you ever been attacked (in the IT security sense)? What kind of attacks do you know? 2 What can happen? Part
More informationDenial of Service and Distributed Denial of Service Attacks
Denial of Service and Distributed Denial of Service Attacks Objectives: 1. To understand denial of service and distributed denial of service. 2. To take a glance about DoS techniques. Distributed denial
More informationANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS
ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS Saulius Grusnys, Ingrida Lagzdinyte Kaunas University of Technology, Department of Computer Networks, Studentu 50,
More informationMulticast Subsecond Convergence
Multicast Subsecond Convergence First Published: July 22, 2002 Last Updated: September 10, 2010 The Multicast Subsecond Convergence feature comprises a comprehensive set of features and protocol enhancements
More informationDetecting Distributed Denial-of. of-service Attacks by analyzing TCP SYN packets statistically. Yuichi Ohsita Osaka University
Detecting Distributed Denial-of of-service Attacks by analyzing TCP SYN packets statistically Yuichi Ohsita Osaka University Contents What is DDoS How to analyze packet Traffic modeling Method to detect
More informationDiscriminating DDoS Attacks from Flash Crowds in IPv6 networks using Entropy Variations and Sibson distance metric
Discriminating DDoS Attacks from Flash Crowds in IPv6 networks using Entropy Variations and Sibson distance metric HeyShanthiniPandiyaKumari.S 1, Rajitha Nair.P 2 1 (Department of Computer Science &Engineering,
More informationCheck Point DDoS Protector Simple and Easy Mitigation
Check Point DDoS Protector Simple and Easy Mitigation Jani Ekman janie@checkpoint.com Sales Engineer DDoS Protector 1 (D)DoS Attacks 2 3 4 DDoS Protector Behavioral DoS Protection Summary 2 What is an
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Denial of Service Intentional prevention of access to valued resource CPU,
More informationIntroduction to Security. Computer Networks Term A15
Introduction to Security Computer Networks Term A15 Intro to Security Outline Network Security Malware Spyware, viruses, worms and trojan horses, botnets Denial of Service and Distributed DOS Attacks Packet
More informationDDoS Testing with XM-2G. Step by Step Guide
DDoS Testing with XM-G Step by Step Guide DDoS DEFINED Distributed Denial of Service (DDoS) Multiple compromised systems usually infected with a Trojan are used to target a single system causing a Denial
More informationCONTENT DISTRIBUTION. Oliver Michel University of Illinois at Urbana-Champaign. October 25th, 2011
CONTENT DISTRIBUTION Oliver Michel University of Illinois at Urbana-Champaign October 25th, 2011 OVERVIEW 1. Why use advanced techniques for content distribution on the internet? 2. CoralCDN 3. Identifying
More informationOpenFlow DDoS Mitigation
OpenFlow DDoS Mitigation C. Dillon, M. Berkelaar February 9, 2014 University of Amsterdam Quanza Engineering Introduction Distributed Denial of Service attacks Types of attacks Application layer attacks
More informationCSE Computer Security (Fall 2006)
CSE 543 - Computer Security (Fall 2006) Lecture 18 - Network Security November 7, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ 1 Denial of Service Intentional prevention of access to valued resource
More informationINTRODUCTION: DDOS ATTACKS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC
INTRODUCTION: DDOS ATTACKS 1 DDOS ATTACKS Though Denial of Service (DoS) and Distributed Denial of Service (DDoS) have been common attack techniques used by malicious actors for some time now, organizations
More informationEXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS
EXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS Andry Putra Fajar and Tito Waluyo Purboyo Faculty of Electrical Engineering,
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationDefending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial
Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Paper by Rocky K C Chang, The Hong Kong Polytechnic University Published in the October 2002 issue of IEEE Communications
More informationAnalysis of Attacks and Defense Mechanisms for QoS Signaling Protocols in MANETs
Analysis of Attacks and Defense Mechanisms for QoS Signaling Protocols in MANETs by Charikleia Zouridaki Charikleia Zouridaki 1, Marek Hejmo 1, Brian L. Mark 1, Roshan K. Thomas 2, and Kris Gaj 1 1 ECE
More informationTable of Contents. 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1
Table of Contents 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1 i 1 Intrusion Detection Statistics Overview Intrusion detection is an important network
More informationConfiguring Storm Control
This module contains the following topics: Finding Feature Information, page 1 Information About Storm Control, page 1 How to Configure Storm Control, page 3 Monitoring Storm Control, page 5 Finding Feature
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationAn Empirical Study of Behavioral Characteristics of Spammers: Findings and Implications
An Empirical Study of Behavioral Characteristics of Spammers: Findings and Implications Zhenhai Duan, Kartik Gopalan, Xin Yuan Abstract In this paper we present a detailed study of the behavioral characteristics
More informationUnsupervised Clustering of Web Sessions to Detect Malicious and Non-malicious Website Users
Unsupervised Clustering of Web Sessions to Detect Malicious and Non-malicious Website Users ANT 2011 Dusan Stevanovic York University, Toronto, Canada September 19 th, 2011 Outline Denial-of-Service and
More informationCorrelation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks
Journal of Computer Science Original Research Paper Correlation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks 1 Ayyamuthukumar, D. and 2 S. Karthik 1 Department of CSE,
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationFlow Control Packet Marking Scheme: to identify the sources of Distributed Denial of Service Attacks
Flow Control Packet Marking Scheme: to identify the sources of Distributed Denial of Service Attacks A.Chitkala, K.S. Vijaya Lakshmi VRSE College,India. ABSTRACT-Flow Control Packet Marking Scheme is a
More informationXOR.DDoS Attack Analysis Report
Security Level Public CDNetworks XOR.DDoS Attack Analysis Report 30 th June, 2016 Security Service Team Sungjun Lee Table of Contents 1. Overview... 3 2. What is XOR.DDoS?... 3 2.1 XOR.DDoS Malware Infection
More informationRouting Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security
Routing Security DDoS and Route Hijacks Merike Kaeo CEO, Double Shot Security merike@doubleshotsecurity.com DISCUSSION POINTS Understanding The Growing Complexity DDoS Attack Trends Packet Filters and
More informationChapter 10: Denial-of-Services
Chapter 10: Denial-of-Services Technology Brief This chapter, "Denial-of-Service" is focused on DoS and Distributed Denial-of-Service (DDOS) attacks. This chapter will cover understanding of different
More informationCloudflare Advanced DDoS Protection
Cloudflare Advanced DDoS Protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com
More informationDetect Cyber Threats with Securonix Proxy Traffic Analyzer
Detect Cyber Threats with Securonix Proxy Traffic Analyzer Introduction Many organizations encounter an extremely high volume of proxy data on a daily basis. The volume of proxy data can range from 100
More informationImperva Incapsula Product Overview
Product Overview DA T A SH E E T Application Delivery from the Cloud Whether you re running a small e-commerce business or in charge of IT operations for an enterprise, will improve your website security
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationMobile LOIC Counter Measures
Technical Security Note Mobile LOIC Counter Measures North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888) 234-5763 International Radware Ltd. 22 Raoul Wallenberg St. Tel Aviv
More informationHP High-End Firewalls
HP High-End Firewalls Attack Protection Configuration Guide Part number: 5998-2650 Software version: F1000-A-EI&F1000-S-EI: R3721 F5000: F3210 F1000-E: F3171 Firewall module: F3171 Document version: 6PW101-20120719
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Yes: Creating a secure channel for communication (Part I) Protecting
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationNext Week. Network Security (and related topics) Project 3 Q/A. Agenda. My definition of network security. Network Security.
Next Week No sections Network Security (and related topics) EE122 Fall 2012 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other
More informationA WEB BASED APPROACH TO DETECT MIMICKING ATTACKS IN HOMOGENEOUS ENVIRONMENT
A WEB BASED APPROACH TO DETECT MIMICKING ATTACKS IN HOMOGENEOUS ENVIRONMENT R. Padmapriya and S. Igni Sabasti Prabu Information technology, Sathyabama University, Chennai, India E-Mail: padmapriyacse60@gmail.com
More informationNetwork Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018
Network Security Evil ICMP, Careless TCP & Boring Security Analyses Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018 Part I Internet Control Message Protocol (ICMP) Why ICMP No method
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : 642-541 Title : VPN and Security Cisco SAFE Implementation Exam (CSI) Vendors : Cisco
More informationDDoS PREVENTION TECHNIQUE
http://www.ijrst.com DDoS PREVENTION TECHNIQUE MADHU MALIK ABSTRACT A mobile ad hoc network (MANET) is a spontaneous network that can be established with no fixed infrastructure. This means that all its
More informationAttack Prevention Technology White Paper
Attack Prevention Technology White Paper Keywords: Attack prevention, denial of service Abstract: This document introduces the common network attacks and the corresponding prevention measures, and describes
More informationConfiguring Firewall TCP SYN Cookie
The Firewall TCP SYN Cookie feature protects your firewall from TCP SYN-flooding attacks. TCP SYN-flooding attacks are a type of denial-of-service (DoS) attack. Usually, TCP synchronization (SYN) packets
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationModelling Web-server Flash Events
2012 IEEE 11th International Symposium on Network Computing and Applications Modelling Web-server Flash Events Sajal Bhatia, George Mohay, Desmond Schmidt, Alan Tickle Information Security Institute, Queensland
More informationCSC 6575: Internet Security Fall Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers
CSC 6575: Internet Security Fall 2017 Attacks on Different OSI Layer Protocols OSI Layer Basic Attacks at Lower Layers Mohammad Ashiqur Rahman Department of Computer Science College of Engineering Tennessee
More informationdeseo: Combating Search-Result Poisoning Yu USF
deseo: Combating Search-Result Poisoning Yu Jin @MSCS USF Your Google is not SAFE! SEO Poisoning - A new way to spread malware! Why choose SE? 22.4% of Google searches in the top 100 results > 50% for
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More informationThe Interactive Guide to Protecting Your Election Website
The Interactive Guide to Protecting Your Election Website 1 INTRODUCTION Cloudflare is on a mission to help build a better Internet. Cloudflare is one of the world s largest networks. Today, businesses,
More informationIntroduction to Cisco ASA Firewall Services
Firewall services are those ASA features that are focused on controlling access to the network, including services that block traffic and services that enable traffic flow between internal and external
More informationTracking Global Threats with the Internet Motion Sensor
Tracking Global Threats with the Internet Motion Sensor Michael Bailey & Evan Cooke University of Michigan Timothy Battles AT&T Danny McPherson Arbor Networks NANOG 32 September 7th, 2004 Introduction
More informationGermán Llort
Germán Llort gllort@bsc.es >10k processes + long runs = large traces Blind tracing is not an option Profilers also start presenting issues Can you even store the data? How patient are you? IPDPS - Atlanta,
More informationNetwork Security (and related topics)
Network Security (and related topics) EE122 Fall 2012 Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ Materials with thanks to Jennifer Rexford, Ion Stoica, Vern Paxson and other colleagues at Princeton
More informationContents. Denial-of-Service Attacks. Flooding Attacks. Distributed Denial-of Service Attacks. Reflector Against Denial-of-Service Attacks
Contents Denial-of-Service Attacks Flooding Attacks Distributed Denial-of Service Attacks Reflector Against Denial-of-Service Attacks Responding to a Denial-of-Service Attacks 2 Denial-of-Service Attacks
More informationCisco IOS Login Enhancements-Login Block
The Cisco IOS Login Enhancements (Login Block) feature allows users to enhance the security of a router by configuring options to automatically block further login attempts when a possible denial-of-service
More informationHP High-End Firewalls
HP High-End Firewalls Attack Protection Configuration Guide Part number: 5998-2630 Software version: F1000-E/Firewall module: R3166 F5000-A5: R3206 Document version: 6PW101-20120706 Legal and notice information
More informationOn Demand secure routing protocol resilient to Byzantine failures
On Demand secure routing protocol resilient to Byzantine failures Primary Reference: B. Awerbuch, D. Holmer, C. Nita-Rotaru, and H. Rubens, An on-demand secure routing protocol resilient to Byzantine failures,
More informationdfence: Transparent Network- based Denial of Service Mitigation
dfence: Transparent Network- based Denial of Service Mitigation Ajay Mahimkar, Jasraj Dange, Vitaly Shmatikov, Harrick Vin, Yin Zhang University of Texas at Austin mahimkar@cs.utexas.edu The Problem Denial
More informationLatLong: Diagnosing Wide-Area Latency Changes for CDNs
1 LatLong: Diagnosing Wide-Area Latency Changes for CDNs Yaping Zhu 1, Benjamin Helsley 2, Jennifer Rexford 1, Aspi Siganporia 2, Sridhar Srinivasan 2, Princeton University 1, Google Inc. 2, {yapingz,
More informationEE 122: Network Security
Motivation EE 122: Network Security Kevin Lai December 2, 2002 Internet currently used for important services - financial transactions, medical records Could be used in the future for critical services
More informationFast and Evasive Attacks: Highlighting the Challenges Ahead
Fast and Evasive Attacks: Highlighting the Challenges Ahead Moheeb Rajab, Fabian Monrose, and Andreas Terzis Computer Science Department Johns Hopkins University Outline Background Related Work Sampling
More informationSam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF
Sam Pickles, F5 Networks A DAY IN THE LIFE OF A WAF Who am I? Sam Pickles Senior Engineer for F5 Networks WAF Specialist and general security type Why am I here? We get to see the pointy end of a lot of
More informationSite-1. Site-2. L3VPN Route-target and route-distinguisher Part I:
L3VPN Route-target and route-distinguisher Part I: When configuring an L3VPN, you need to include both a route-distinguisher and a route-target. Due to the similar format of these two values, it is hard
More informationTowards Traffic Anomaly Detection via Reinforcement Learning and Data Flow
Towards Traffic Anomaly Detection via Reinforcement Learning and Data Flow Arturo Servin Computer Science, University of York aservin@cs.york.ac.uk Abstract. Protection of computer networks against security
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking
More informationLecture 12. Application Layer. Application Layer 1
Lecture 12 Application Layer Application Layer 1 Agenda The Application Layer (continue) Web and HTTP HTTP Cookies Web Caches Simple Introduction to Network Security Various actions by network attackers
More informationCS244a: An Introduction to Computer Networks
CS244a: An Introduction to Computer Networks Security Winter 2008 CS244a 1 Announcements (?) Winter 2008 CS244a 2 1 Life Just Before Slammer Winter 2008 CS244a 3 Life Just After Slammer Winter 2008 CS244a
More informationLecture 6: Worms, Viruses and DoS attacks. II. Relationships between Biological diseases and Computers Viruses/Worms
CS 4740/6740 Network Security Feb. 09, 2011 Lecturer: Ravi Sundaram I. Worms and Viruses Lecture 6: Worms, Viruses and DoS attacks 1. Worms They are self-spreading They enter mostly thru some security
More informationddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks
ddos-guard.net Protecting your business DDoS-GUARD: Distributed protection against distributed attacks 2 WHAT IS A DDOS-ATTACK AND WHY ARE THEY DANGEROUS? Today's global network is a dynamically developing
More informationNetwork Awareness and Network Security
Network Awareness and Network Security John McHugh Canada Research Chair in Privacy and Security Director, oratory Dalhousie University, Halifax, NS CASCON CyberSecurity Workshop 17 October 2005 Overview
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 18: Network Attacks Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Network attacks denial-of-service (DoS) attacks SYN
More informationDenial of Service. Eduardo Cardoso Abreu - Federico Matteo Bencic - Pavel Alexeenko -
Denial of Service Eduardo Cardoso Abreu - e.abreu@fe.up.pt Federico Matteo Bencic - up201501013@fe.up.pt Pavel Alexeenko - ei11155@fe.up.pt Index What is Denial of Service (DoS)? DoS vs DDoS (Distributed
More informationBuilding a Self-Adaptive Content Distribution Network Gawesh Jawaheer Department of Computing, Imperial College London
Building a Self-Adaptive Content Distribution Network Gawesh Jawaheer Department of Computing, Imperial College London gawesh@doc.ic.ac.uk Abstract In this paper, we propose a framework for building a
More informationDistinguishing between FE and DDoS Using Randomness Check
Distinguishing between FE and DDoS Using Randomness Check Hyundo Park 1,PengLi 2,DebinGao 2, Heejo Lee 1, and Robert H. Deng 2 1 Korea University, Seoul, Korea {hyundo95,heejo}@korea.ac.kr 2 School of
More informationIPv6 Firewall Support for Prevention of Distributed Denial of Service Attacks and Resource Management
IPv6 Firewall Support for Prevention of Distributed Denial of Service Attacks and Resource Management IPv6 zone-based firewalls support the Protection of Distributed Denial of Service Attacks and the Firewall
More informationTo Study and Explain the Different DDOS Attacks In MANET
To Study and Explain the Different DDOS Attacks In MANET Narender Kumar 1, Dr. S.B.L. Tripathi 2, Surbie Wattal 3 1 Research Scholar, CMJ University, Shillong, Meghalaya (India) 2 Ph.D. Research Guide,
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationIntrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks
Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks So we are proposing a network intrusion detection system (IDS) which uses a Keywords: DDoS (Distributed Denial
More information1. Which network design consideration would be more important to a large corporation than to a small business?
CCNA 1 Chapter 11 v5.0 Exam Answers 2015 (100%) 1. Which network design consideration would be more important to a large corporation than to a small business? Internet router firewall low port density
More informationA TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS
ISSN: 2229-6948 (ONLINE) ICTACT JOURNAL OF COMMUNICATION TECHNOLOGY, JUNE 2010, VOLUME: 01, ISSUE: 02 DOI: 10.21917/ijct.2010.0013 A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING
More informationA custom excerpt from Frost & Sullivan s Global DDoS Mitigation Market Research Report (NDD2-72) July, 2014 NDD2-74
Analysis of the Global Distributed Denial of Service (DDoS) Mitigation Market Abridged Version Rise of the DDoS Attack Spurs Demand for Comprehensive Solutions A custom excerpt from Frost & Sullivan s
More informationDynamics of Hot-Potato Routing in IP Networks
Dynamics of Hot-Potato Routing in IP Networks Jennifer Rexford AT&T Labs Research http://www.research.att.com/~jrex Joint work with Renata Teixeira (UCSD), Aman Shaikh (AT&T), and Timothy Griffin (Intel)
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationOpportunities for Exploiting Social Awareness in Overlay Networks. Bruce Maggs Duke University Akamai Technologies
Opportunities for Exploiting Social Awareness in Overlay Networks Bruce Maggs Duke University Akamai Technologies The Akamai Intelligent Platform A Global Platform: 127,000+ Servers 1,100+ Networks 2,500+
More information9. Security. Safeguard Engine. Safeguard Engine Settings
9. Security Safeguard Engine Traffic Segmentation Settings Storm Control DoS Attack Prevention Settings Zone Defense Settings SSL Safeguard Engine D-Link s Safeguard Engine is a robust and innovative technology
More informationMultivariate Correlation Analysis based detection of DOS with Tracebacking
1 Multivariate Correlation Analysis based detection of DOS with Tracebacking Jasheeda P Student Department of CSE Kathir College of Engineering Coimbatore jashi108@gmail.com T.K.P.Rajagopal Associate Professor
More informationRAPTOR: Routing Attacks on Privacy in Tor. Yixin Sun. Princeton University. Acknowledgment for Slides. Joint work with
RAPTOR: Routing Attacks on Privacy in Tor Yixin Sun Princeton University Joint work with Annie Edmundson, Laurent Vanbever, Oscar Li, Jennifer Rexford, Mung Chiang, Prateek Mittal Acknowledgment for Slides
More informationTable of Contents 1 PIM Configuration 1-1
Table of Contents 1 PIM Configuration 1-1 PIM Overview 1-1 Introduction to PIM-DM 1-2 How PIM-DM Works 1-2 Introduction to PIM-SM 1-4 How PIM-SM Works 1-5 Introduction to Administrative Scoping in PIM-SM
More information