Countering Large-Scale Internet Pollution and Poisoning

Slides: 16
Provided by: fabianebu
Transcript and Presenter's Notes

1
Countering Large-Scale Internet Pollution and
Poisoning
  • Aleksandar Kuzmanovic
  • Northwestern University

http://www.cs.northwestern.edu/akuzma/
2
Problem and Approach (general)
  • Denial of service (DoS) attacks in the Internet
  • Serious problem
  • Becoming more and more sophisticated
  • Approach I
  • Search for new classes of DoS attacks and system
    vulnerabilities
  • It is interesting, it makes sense, it is
    relevant
  • Approach II
  • Exploit asymmetric costs
  • Small efforts by defenders will require attackers
    to multiply the amount of resources (e.g.,
    bandwidth, time, precision)
  • Raise the bar high enough to make the attacks
    hard (vs. impossible) to conduct

3
Pollution in P2P File Sharing Systems
  • Music industry vs. p2p networks
  • Our work
  • Denial-of-Service Resilience in Peer-to-Peer File
    Sharing Systems
  • In Proceedings of ACM SIGMETRICS 2005.
  • Insight
  • Despite highly replicated content and a
    decentralized system design, pollution attacks
    can be highly effective
  • Is it feasible to conduct similar types of attacks
    in the Internet at a large scale?

4
Large-Scale TCP Poisoning Attacks
  • Attack scenario
  • Sniff and shoot
  • Extremely easy to desynchronize TCP endpoints
  • A single packet is needed (e.g., low-rate attacks)

5
(No Transcript)
6
(No Transcript)
7
(No Transcript)
8
Large-Scale TCP Poisoning Attacks (II)
  • Our Approach
  • No explicit security association between
    endpoints
  • Protocol design
  • Raise the bar high enough to exploit asymmetric
    costs
  • Solution-specific details
  • Deferred protocol reaction
  • Forward hashing
  • Self-clocking correlation method
  • Kernel-level implementation in FreeBSD

9
Pollution Attacks against Internet Caches
  • Fact
  • Majority of requests for Web, p2p, and DNS are
    served from caches

10
Pollution Attack Scenarios (I)
Attacking a web cache
Attacking an ISP cache
11
Pollution Attack Scenarios (II)
[Figure: Pollution attack against a local DNS server]
12
Pollution Attack Classes (I)
[Figure: Locality-disruption attacks. Panels: Before attack, After attack. Labels: New unpopular files, Popular files, Cache.]
13
Pollution Attack Classes (II)
[Figure: False locality attacks. Panels: Before attack, After attack. Labels: Bogus popular files, Popular files, Cache.]
14
Our Solution
  • Design goals
  • High accuracy and scalability
  • Approach
  • Streaming computation techniques, i.e., Bloom
    filters
  • Squid-based implementation

[Figure: diagram of the Squid-based implementation. Labels: Squid, Daemon, Detection Module (main part), Auxiliary part of Detection Module, Triggered Module, AE, AEI, File, Spawn, Signal, A pair of pipes.]
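
An added example, not taken from the slides or from the authors' Squid prototype: one way a Bloom filter can support streaming detection of the locality-disruption class from slide 12, by tracking how many requests in each window are for objects seen earlier in the stream. The repeat-ratio heuristic, window size, threshold and URLs are assumptions made for illustration; false-locality attacks (slide 13) are not covered by this check.

```python
import hashlib

class BloomFilter:
    """Fixed-size Bloom filter: k bit positions per key over m bits."""
    def __init__(self, m_bits=1 << 16, k=4):
        self.m, self.k = m_bits, k
        self.bits = bytearray(m_bits // 8)

    def _positions(self, key):
        # Double hashing: derive k positions from one SHA-256 digest.
        d = hashlib.sha256(key.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, key):
        """Insert key; return True if it was (probably) already present."""
        seen = True
        for p in self._positions(key):
            byte, mask = p >> 3, 1 << (p & 7)
            if not self.bits[byte] & mask:
                seen = False
                self.bits[byte] |= mask
        return seen

def repeat_ratios(urls, window=100):
    """Per-window fraction of requests for URLs seen earlier in the stream."""
    bf, ratios, hits = BloomFilter(), [], 0
    for n, url in enumerate(urls, 1):
        hits += bf.add(url)
        if n % window == 0:
            ratios.append(hits / window)
            hits = 0
    return ratios

def flag_locality_disruption(urls, window=100, min_ratio=0.3):
    """Indexes of windows whose repeat ratio is below min_ratio (assumed threshold)."""
    return [i for i, r in enumerate(repeat_ratios(urls, window)) if r < min_ratio]

# Constructed request stream: 3 windows of normal traffic over 20 popular
# objects, then 2 windows dominated by never-repeated URLs.
normal = [f"/popular/{i % 20}" for i in range(300)]
attack = [f"/new/{i}" if i % 10 else f"/popular/{i % 20}" for i in range(200)]
STREAM = normal + attack

if __name__ == "__main__":
    print(repeat_ratios(STREAM))             # per-window repeat ratio
    print(flag_locality_disruption(STREAM))  # windows flagged as suspicious
```

The filter uses constant memory regardless of how many distinct objects are requested, which is what makes it usable on a cache's request path; its false positives can only overstate the repeat ratio, so they bias the check toward missing an attack rather than raising a false alarm.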
15
Summary
  • Actively searching (and developing solutions) for
    new types of DoS attacks
  • Pollution and poisoning
  • P2p networks, TCP, Internet caches
  • Solutions
  • Exploit asymmetric costs between defenders and
    attackers
  • Prototype implementations