TRANSCRIPT
A Novel Technique for Defending Against Internet DDoS Attacks
- Problem
- Aim
- Model
- Enhanced Probabilistic Marking (EPM)
- Attack Mitigation Decision (AMD)
- Preferential Packet Filtering (PPF)
- Evaluation Results
- Lack of proper defense mechanisms against DDoS
- Detecting the origin
  - IP spoofing
  - Ingress filtering
  - IP traceback mechanisms
- Mitigate the effects of DDoS in the course of events
- Smart filtering of DDoS traffic while allowing legitimate traffic
- Detecting “infected” paths, i.e. inferring whether or not a network edge is on the path from an attacker.
Proposed system has 3 modules:
1. Enhanced Probabilistic Marking (EPM) Module
2. Attack Mitigation Decision-making (AMD) Module
3. Preferential Packet Filtering (PPF) Module
- Uses Advanced Marking Scheme (AMS)
  - Faster reconstruction
  - Higher accuracy
  - Needs map of upstream routers
- Determines whether an attacker has an edge on its path
- Marks are classified into three types:
  I. Signaling marks
  II. Data marks of a clean edge
  III. Data marks of an infected edge or unmarked
Task 1:
- Reconstruct the attack graph based on signaling marks
- Measure incoming traffic rates (Rsignaling, Rclean, Runsure)
Task 2:
- Adjust filtering parameters using information from Task 1
- Each mark type has a probability of passing (Asignaling, Aclean, Aunsure)
- Probability of passing for each packet type is recomputed periodically
- Performance Metrics
  I. GDR (Good Drop Ratio): the percentage of the legitimate traffic dropped
  II. BDR (Bad Drop Ratio): the percentage of the DDoS traffic dropped
  III. GTP (Good Traffic Percentage): the percentage of the traffic arriving at the victim that is legitimate
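As an added example, not code from the paper or the slides, the two AMD tasks and the three metrics above worked through in Python: Task 1 measures per-mark-type rates from a constructed packet sample, Task 2 turns them into pass probabilities (Asignaling, Aclean, Aunsure) under an assumed simplified preference policy (the paper's actual update rule is not on the slides), and GDR/BDR/GTP score the result. The function names `sample_interval`, `measure_rates`, `adjust_pass_probabilities` and `expected_metrics`, the packet counts and the victim capacity of 150 packets/s are all choices made for this example.

```python
from collections import Counter
# Mark types in order of preference, most trusted first (from the slides).
MARK_TYPES = ("signaling", "clean", "unsure")

def sample_interval():
    """Constructed one-second sample of (mark_type, is_legit) packets.
    is_legit is ground truth used only to score the filter afterwards."""
    counts = {("signaling", True): 10, ("signaling", False): 5,
              ("clean", True): 60, ("clean", False): 15,
              ("unsure", True): 30, ("unsure", False): 380}
    return [key for key, n in counts.items() for _ in range(n)]

def measure_rates(packets):
    """Task 1: per-mark-type arrival rates (R_signaling, R_clean, R_unsure)."""
    seen = Counter(mark for mark, _ in packets)
    return {t: float(seen.get(t, 0)) for t in MARK_TYPES}

def adjust_pass_probabilities(rates, capacity):
    """Task 2: derive (A_signaling, A_clean, A_unsure) from the measured rates.
    Assumed simplified policy, not the paper's exact rule: fill the victim's
    capacity in order of preference, so the most trusted mark type is only
    throttled once less trusted types have been dropped entirely."""
    probs, remaining = {}, capacity
    for t in MARK_TYPES:
        if rates[t] <= 0:
            probs[t] = 1.0          # nothing to filter in this class
            continue
        accepted = min(rates[t], remaining)
        probs[t] = accepted / rates[t]
        remaining -= accepted
    return probs

def expected_metrics(packets, probs):
    """GDR, BDR and GTP from the slides, computed as expectations over the
    pass probabilities rather than by coin flips, so the result is exact."""
    legit_total = sum(1 for _, ok in packets if ok)
    attack_total = len(packets) - legit_total
    legit_dropped = sum(1 - probs[m] for m, ok in packets if ok)
    attack_dropped = sum(1 - probs[m] for m, ok in packets if not ok)
    passed_legit = legit_total - legit_dropped
    passed = passed_legit + attack_total - attack_dropped
    return {"GDR": legit_dropped / legit_total if legit_total else 0.0,
            "BDR": attack_dropped / attack_total if attack_total else 0.0,
            "GTP": passed_legit / passed if passed else 0.0}

if __name__ == "__main__":
    pk = sample_interval()
    probs = adjust_pass_probabilities(measure_rates(pk), capacity=150.0)
    print(probs, expected_metrics(pk, probs))
```

With the constructed mix, unfiltered traffic at the victim is 20% legitimate; after preferential filtering it is about 50% legitimate while roughly 26% of legitimate and 81% of attack packets are dropped.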