A Divide-and-Conquer Strategy for Thwarting DDoS Attacks
Transcript of A Divide-and-Conquer Strategy for Thwarting DDoS Attacks
![Page 1: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/1.jpg)
A Divide-and-Conquer Strategy for Thwarting DDoS Attacks
Randolph Marchany (VT)
Jung-Min Park (VT)
Ruiliang Chen (VT)
Presented by Panoat Chuchaisri
![Page 2: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/2.jpg)
Outline
• Proposed scheme
  – AD : Attack Diagnosis
  – PAD : Parallel Attack Diagnosis
• Overview
• Simulation Results
• Conclusion
![Page 3: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/3.jpg)
AD & PAD Features
• Support ideal DDoS countermeasure paradigm
• No overhead during normal traffic
• Deterministic packet marking
• Provide adjustable parameter
• Do not require global key distribution
![Page 4: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/4.jpg)
Overview
PID
4-8-24-42
![Page 5: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/5.jpg)
Overview (contd.)
• Mark packet using 16-bit identification field and 1 reserved bit in IP header
• Use
  – a-bit hop-count field
  – b-bit PID field
  – c-bit XOR field
• a + b + c = 17, b ≥ c
![Page 6: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/6.jpg)
Overview (contd.)
• ADMM (Active DMM)
  – Set hop-count field to zero
  – Copy own PID into PID field
  – Copy last c bits of PID to XOR field
• PDMM (Passive DMM)
  – Increase hop-count field by one
  – XOR field = (last c bits of PID) XOR (XOR field)
![Page 7: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/7.jpg)
AD
[Figure: AD traceback example. Legend: ■ ADMM, ■ PDMM. Labels: DAI, DII 42, DII 24.]
![Page 8: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/8.jpg)
PAD
• Traceback multiple attack paths simultaneously
• DII 42 → DII 42,27
• Identify upstream interface using XOR
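Added example, not part of the original slides: a Python sketch of the ADMM and PDMM marking rules from the Overview slides, and of how the XOR field lets a receiver tell which downstream interface a marked packet crossed. The field split a=5, b=6, c=6, the bit order, the helper names and the sample paths are assumptions; the PID values reuse numbers that appear in the slides' figures.

```python
# Added illustration (not from the slides): ADMM/PDMM marking on a 17-bit mark.
# Assumed split a=5, b=6, c=6 and assumed bit order hop | PID | XOR.
A_BITS, B_BITS, C_BITS = 5, 6, 6
assert A_BITS + B_BITS + C_BITS == 17 and B_BITS >= C_BITS
C_MASK = (1 << C_BITS) - 1
B_MASK = (1 << B_BITS) - 1
MAX_HOP = (1 << A_BITS) - 1


def pack(hop, pid, xor):
    """Pack the three fields into one 17-bit integer."""
    if not (0 <= hop <= MAX_HOP and 0 <= pid <= B_MASK and 0 <= xor <= C_MASK):
        raise ValueError("field out of range")
    return (hop << (B_BITS + C_BITS)) | (pid << C_BITS) | xor


def unpack(mark):
    """Return (hop, pid, xor) from a 17-bit mark."""
    return mark >> (B_BITS + C_BITS), (mark >> C_BITS) & B_MASK, mark & C_MASK


def admm(pid):
    """Active mode: overwrite whatever mark the packet carried."""
    return pack(0, pid, pid & C_MASK)


def pdmm(mark, pid):
    """Passive mode: hop + 1, fold the last c bits of this PID into the XOR field."""
    hop, marked_pid, xor = unpack(mark)
    if hop == MAX_HOP:
        raise OverflowError("hop-count field is full")
    return pack(hop + 1, marked_pid, xor ^ (pid & C_MASK))


def mark_along_path(pids):
    """pids[0] is the interface in ADMM; the rest are PDMM interfaces toward the victim."""
    mark = admm(pids[0])
    for pid in pids[1:]:
        mark = pdmm(mark, pid)
    return mark


def downstream_xor(mark):
    """Cancel the ADMM interface's own bits; the rest is the XOR of the PDMM PIDs crossed."""
    hop, pid, xor = unpack(mark)
    return hop, pid, xor ^ (pid & C_MASK)


if __name__ == "__main__":
    # Constructed paths, listed from the ADMM interface toward the victim.
    for path in ([42], [24, 42], [21, 27], [4, 24, 42]):
        print(path, unpack(mark_along_path(path)), downstream_xor(mark_along_path(path)))
```

Because ADMM rewrites all 17 bits, a value the sender placed in the identification field does not survive the first marking interface. For the path 4 → 24 → 42 the recovered value 50 equals the XOR field seen when interface 24 was itself in ADMM, which is what ties the new upstream PID to a path already traced.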
![Page 9: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/9.jpg)
PAD
[Figure: PAD traceback example with marking fields hop, PID, XOR. Labels: DAI, DII 27,42.]
![Page 10: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/10.jpg)
Simulation Results
![Page 11: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/11.jpg)
Simulation Results (contd.)
![Page 12: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/12.jpg)
Simulation Results (contd.)
UNACCEPTABLE
![Page 13: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/13.jpg)
Conclusion
• AD and PAD employ divide-and-conquer strategy to isolate attackers
• Combine traceback and filtering technique
• Suffer deployment problem
![Page 14: A Divide-and-Conquer Strategy for Thwarting DDoS Attacks](https://reader036.fdocuments.us/reader036/viewer/2022062409/568145ae550346895db2a773/html5/thumbnails/14.jpg)
Thank You!