OpenFlow DDoS Mitigation


C. Dillon, M. Berkelaar. February 9, 2014. University of Amsterdam / Quanza Engineering.

Introduction
- Distributed Denial of Service attacks
  - Types of attacks: application layer attacks (low volume); network layer attacks (high volume)
- Popular mitigation methods: BGP Remotely Triggered Black Hole (RTBH); in-line filtering appliances; scrubbing center
- OpenFlow DDoS mitigation, while keeping the target online

Research Question
- How can OpenFlow be used in DDoS mitigation?
  - How can flow statistics be analyzed to detect DDoS attacks?
  - Can packet symmetry in sampled traffic be analyzed to detect malicious traffic sources?
  - Can malicious traffic sources be detected by temporarily dropping outgoing traffic?
  - Can OpenFlow be used to efficiently block malicious sources while allowing legitimate traffic?

OpenFlow
- Separation between control plane and data plane
- Controller creates and pushes flows to the data plane (TCAM table 0)
- Figure source: http://yuba.stanford.edu/cs244wiki/index.php/overview

OpenFlow: Flow Statistics
- Per flow: duration, byte counters, packet counters
- Polled by the controller
- Gives a network load overview

OpenFlow: Traffic Sampling
- Packet-in channel: samples sent to the controller; payload stripped; encapsulation by the switch; carried over the controller's TCP stream
- Mirroring: multiple output ports for a flow; to any IDS on the network

OpenFlow: Traffic Dropping
- Flexibility in dropping traffic: source based blocking; destination based filtering; block only a TCP/UDP destination port
- Limited by the capacity of the TCAM table

Proposed Solution
1. Initial detection: monitoring flow statistics; detect traffic spikes
2. Identification of attackers: traffic sampling; packet symmetry; block outgoing traffic
3. Blocking the attack: drop traffic from malicious sources

Proposed Solution: Initial Detection
- Detection of traffic spikes in flow statistics
- Detection based on the standard deviation
- Lightweight
- Initial detection is only used to trigger the further detection mechanisms
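As an added example (not code from the slides or from the authors' Ryu controller), the following shows one way to implement the standard-deviation spike check on polled flow statistics. The byte counters are a constructed sample standing in for successive flow-stats replies; the window size and the factor k are assumed parameters that the slides do not specify. Flagged samples are kept out of the baseline so that a sustained flood does not become the new "normal".

```python
import statistics
from collections import deque

# Constructed sample input: cumulative byte counters for one flow, as a controller
# would read them from successive flow-stats replies, one poll per second.
POLLED_BYTE_COUNTERS = [
    0, 12_000, 23_500, 36_000, 47_800, 60_000, 71_900, 84_000,
    96_200, 108_000, 120_100, 132_000,   # steady baseline, ~12 kB per poll
    900_000, 1_800_000, 2_700_000,       # sudden rise to ~900 kB per poll
]


def rates_from_counters(counters):
    """Convert cumulative byte counters into per-interval byte deltas."""
    return [later - earlier for earlier, later in zip(counters, counters[1:])]


def detect_spikes(rates, window=8, k=3.0, min_std=1.0):
    """Return the indices of `rates` that exceed mean + k * stddev of the baseline.

    The baseline is a sliding window of the most recent non-spike samples, so a
    sustained flood is not absorbed into the "normal" level. `min_std` keeps a
    perfectly flat baseline from producing a zero threshold.
    """
    baseline = deque(maxlen=window)
    spikes = []
    for i, rate in enumerate(rates):
        if len(baseline) < window:
            baseline.append(rate)       # still learning; no decision yet
            continue
        mean = statistics.fmean(baseline)
        std = max(statistics.pstdev(baseline), min_std)
        if rate > mean + k * std:
            spikes.append(i)            # trigger the heavier detection stages
        else:
            baseline.append(rate)       # only quiet samples update the baseline
    return spikes


def first_spike_poll(counters=POLLED_BYTE_COUNTERS, window=8, k=3.0):
    """Index of the first poll (in counter numbering) whose rate was flagged,
    or None when nothing exceeded the threshold."""
    spikes = detect_spikes(rates_from_counters(counters), window, k)
    return spikes[0] + 1 if spikes else None


if __name__ == "__main__":
    print("spike at poll:", first_spike_poll())
```

In a controller this check would run once per statistics poll, per monitored flow (or per destination prefix), and a positive result would enable the sampling or mirroring rules that feed the packet symmetry and block-outgoing stages.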

Proposed Solution: Packet Symmetry
- Mirror traffic from and to the DDoS target
- Distinguish attackers with packet count symmetry analysis
- Legitimate traffic shows typical ratios between 1:1 and 8:1

Proposed Solution: Block Outgoing Traffic
- A short interruption of the outgoing flow could distinguish bad sources
- The TCP retransmit interval should increase
- Typical request-response protocols may show the same behaviour
- Expecting a declining rate of packets
- OpenFlow can easily and rapidly modify the flows that enable this

Proposed Solution: Block Outgoing Traffic
1. Sample
2. Block + sample
3. Analyse

Proposed Solution: Drop Malicious Traffic
- Explicit drop flows using OpenFlow
- Source-based blocking explored
- Idle drop flows expire automatically
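An added example of the blocking stage, not code from the slides. The authors' controller is Ryu; to stay runnable without a live datapath this example instead emits Open vSwitch `ovs-ofctl add-flow` strings (an assumption on my part), with `idle_timeout` so that a drop entry expires on its own once the source goes quiet, and it ranks suspects so that only as many entries are installed as the flow table (TCAM) can still hold. Capacities and suspect counts are constructed values.

```python
import ipaddress


def drop_flow(source, idle_timeout=60, priority=1000):
    """Build an ovs-ofctl flow string dropping all IPv4 traffic from `source`.
    idle_timeout (seconds) removes the entry automatically once the source has
    been silent for that long, so the table is not filled with stale blocks."""
    ipaddress.IPv4Address(source)   # reject malformed input before it reaches the switch
    return f"priority={priority},idle_timeout={idle_timeout},ip,nw_src={source},actions=drop"


def plan_drop_flows(suspects, table_capacity, entries_in_use, idle_timeout=60):
    """Rank suspects (source -> packets seen) by volume and install only as many
    drop flows as the flow table can still hold.
    Returns (flow strings to install, sources deferred for lack of space)."""
    free = max(table_capacity - entries_in_use, 0)
    ranked = sorted(suspects, key=lambda s: suspects[s], reverse=True)
    install = [drop_flow(s, idle_timeout) for s in ranked[:free]]
    return install, ranked[free:]


def ovs_commands(bridge, flows):
    """Shell commands that would push the planned flows to an OVS bridge."""
    return [f'ovs-ofctl add-flow {bridge} "{flow}"' for flow in flows]


# Constructed input: suspects from the identification stage with their packet
# counts, and a small flow table that is already partly occupied.
SUSPECTS = {"198.51.100.9": 500, "198.51.100.10": 400,
            "198.51.100.11": 50, "198.51.100.12": 700}
TABLE_CAPACITY = 8
ENTRIES_IN_USE = 5

if __name__ == "__main__":
    flows, deferred = plan_drop_flows(SUSPECTS, TABLE_CAPACITY, ENTRIES_IN_USE)
    for cmd in ovs_commands("br0", flows):
        print(cmd)
    print("deferred (no TCAM space):", deferred)
```

The deferred list is the practical face of the slide's TCAM limitation: when the table is full the controller has to fall back to coarser rules (a destination port filter, or a prefix rather than a host) or wait for idle entries to expire.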

Proof of Concept: Experimentation Setup
- Ryu SDN framework: Python based OpenFlow controller; detection mechanisms implemented in the controller
- Software environment: KVM + Open vSwitch
- Hardware environment: Arista 7050 OpenFlow switch; 10 Gbit simulations; not as flexible as Open vSwitch
- Traffic simulation: victim and attacker machines; legitimate + DDoS traffic

Proof of Concept: Packet Symmetry
- hping3 flood stalls the curl client

Proof of Concept: Block Outgoing Traffic
- Timing issues with the hardware
- The flood never stopped
- curl retransmitted at a declining rate

Conclusion
- Using the OpenFlow infrastructure to mitigate high volume attacks shows potential
- Hardware currently shows limitations: TCAM table size; timing of OpenFlow operations caused issues in our experiment

Questions?