
A Divide-and-Conquer Strategy for Thwarting DDoS Attacks

Randolph Marchany (VT), Jung-Min Park (VT), Ruiliang Chen (VT). Presented by Panoat Chuchaisri. Outline: Proposed scheme; AD: Attack Diagnosis; PAD: Parallel Attack Diagnosis; Overview; Simulation Results; Conclusion.


Presentation Transcript


  1. A Divide-and-Conquer Strategy for Thwarting DDoS Attacks • Randolph Marchany (VT), Jung-Min Park (VT), Ruiliang Chen (VT) • Presented by Panoat Chuchaisri

  2. Outline • Proposed scheme • AD : Attack Diagnosis • PAD : Parallel Attack Diagnosis • Overview • Simulation Results • Conclusion

  3. AD & PAD Features • Support ideal DDoS countermeasure paradigm • No overhead during normal traffic • Deterministic packet marking • Provide adjustable parameter • Do not require global key distribution

  4. Overview PID 4-8-24-42

  5. Overview (contd.) • Mark packet using 16-bit identification field and 1 reserved bit in IP header • Use • a-bit hop-count field • b-bit PID field • c-bit XOR field a + b + c = 17 , b ≥ c

  6. Overview (contd.) • ADMM (Active DMM) • Set hop-count field to zero • Copy own PID into PID field • Copy last c bits of PID to XOR field • PDMM (Passive DMM) • Increase hop-count field by one • XOR field = (last c bits of PID) XOR (XOR field)

  7. AD [Figure: AD example on a network diagram; legend: ADMM, PDMM; labels: DAI, DII]

  8. PAD • Trace back multiple attack paths simultaneously • DII 42 → DII 42,27 • Identify upstream interface using XOR

  9. PAD [Figure: PAD example on a network diagram; labels: DAI, DII 27,42]

  10. Simulation Results

  11. Simulation Results(contd.)

  12. UNACCEPTABLE Simulation Results (contd.)

  13. Conclusion • AD and PAD employ a divide-and-conquer strategy to isolate attackers • Combine traceback and filtering techniques • Suffer from a deployment problem

  14. Thank You!
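
The marking rules on slides 5 and 6, and the XOR linkage mentioned on slide 8, as an added example that is not part of the original presentation. Assumptions: the widths a=5, b=6, c=6, the bit order hop | PID | XOR with the reserved bit as the top bit, and the sample path (PIDs 42, 24, 8, 4 from slide 4, ordered here from the ADMM interface toward the victim).

```python
# Added example, not from the presentation: simulates the ADMM/PDMM marking rules.
# Assumed: field widths (slides only require a + b + c = 17, b >= c) and bit order.
A_BITS, B_BITS, C_BITS = 5, 6, 6
assert A_BITS + B_BITS + C_BITS == 17 and B_BITS >= C_BITS

def low_c(pid):
    """Last c bits of a PID."""
    return pid & ((1 << C_BITS) - 1)

def admm_mark(pid):
    """ADMM: hop-count = 0, PID field = own PID, XOR field = last c bits of PID."""
    if not 0 <= pid < (1 << B_BITS):
        raise ValueError("PID does not fit in the b-bit PID field")
    return {"hop": 0, "pid": pid, "xor": low_c(pid)}

def pdmm_mark(mark, pid):
    """PDMM: hop-count += 1, XOR field = (last c bits of own PID) XOR (XOR field)."""
    hop = mark["hop"] + 1
    if hop >= (1 << A_BITS):
        raise OverflowError("hop-count does not fit in the a-bit field")
    return {"hop": hop, "pid": mark["pid"], "xor": mark["xor"] ^ low_c(pid)}

def mark_along(path):
    """path[0] is the interface in ADMM; the rest, toward the victim, are in PDMM."""
    mark = admm_mark(path[0])
    for pid in path[1:]:
        mark = pdmm_mark(mark, pid)
    return mark

def pack(mark):
    """17-bit mark -> (reserved bit, 16-bit IP identification field)."""
    v = (mark["hop"] << (B_BITS + C_BITS)) | (mark["pid"] << C_BITS) | mark["xor"]
    return v >> 16, v & 0xFFFF

def unpack(reserved, ident):
    """Inverse of pack(), as run at the victim."""
    v = (reserved << 16) | ident
    return {"hop": v >> (B_BITS + C_BITS),
            "pid": (v >> C_BITS) & ((1 << B_BITS) - 1), "xor": v & ((1 << C_BITS) - 1)}

def downstream_xor(mark):
    """Remove the marked PID's own bits: what remains is the XOR of the PDMM hops."""
    return mark["xor"] ^ low_c(mark["pid"])

if __name__ == "__main__":
    m = mark_along([42, 24, 8, 4])  # constructed sample path
    print(m, pack(m), downstream_xor(m))
```

With these rules, marks from PIDs 42 and 27 entering the same downstream path yield the same `downstream_xor` value, which lets a victim attach a newly seen PID to a path it has already traced.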
