Thesis Direction Introduction

1
Thesis Direction Introduction

• Presented by Henrry, C.Y. Chiang (???)

2
Todays Agenda

• 1. Background
• 2. Motivation
• 3. Problem Description
• 4. Problem Formulation
• Assumptions
• Given Parameters
• Objective function and Constraints
• Decision Variables

3
Todays Agenda

• 1. Background
• 2. Motivation
• 3. Problem Description
• 4. Problem Formulation
• Assumptions
• Given Parameters
• Objective function and Constraints
• Decision Variables

4
1. Background

• Distributed Denial-of-Service (DDoS) attacks have
  become a major problem in the Internet today.
• In one form of a DDoS attack, a large number of
  compromised hosts send unwanted traffic to
  exhaust the victims resources and prevent it
  from serving legitimate users.
• One of the main mechanisms proposed to deal with
  DDoS is filtering, which allows routers to
  selectively block unwanted traffic.

5
Todays Agenda

• 1. Background
• 2. Motivation
• 3. Problem Description
• 4. Problem Formulation
• Assumptions
• Given Parameters
• Objective function and Constraints
• Decision Variables

6
2. Motivation

• The proposed filtering mechanism to defend
  against distributed denial-of-service (DDoS)
  attacks
• seldom considers the capability of the filter,
  the capability of the router and multiple
  (backup) servers under DDoS attacks.
• can not guarantee 100 legitimate traffic will
  not be mistakenly discarded.
• has to consider the percentage of the total
  attack traffic filtered after filters have been
  allocated.

7
Todays Agenda

• 1. Background
• 2. Motivation
• 3. Problem Description
• 4. Problem Formulation
• Assumptions
• Given Parameters
• Objective function and Constraints
• Decision Variables

8
3. Problem Description
Z
G
S
Z
S
G
A
Z
G
S
Z
Fig 1. initial network topology
Fig 2. network topology with only good user
traffic
Fig 3. network topology with both good user
traffic and attacker traffic
Fig 4. network topology with filters installed
S
server
G
good user
router
filter
Z
zombie
A
attacker
good user traffic
attacker traffic
aggregate (good user and attacker) traffic
9
Todays Agenda

• 1. Background
• 2. Motivation
• 3. Problem Description
• 4. Problem Formulation
• Assumptions
• Given Parameters
• Objective function and Constraints
• Decision Variables

10
4. Problem Formulation - Assumptions (Attacker)

• Assumptions
• 1. There are multiple servers to be considered by
  the attacker.
• 2. The attacker has a number of compromised hosts
  (zombies).
• 3. The attacker can decide which entry node and
  destination node to pass the zombies traffic.
• 4. The routing policy for the zombies traffic
  will be decided by the autonomous system (AS).
• 5. The objective of the attacker, who is outside
  the AS, is to minimize the total legitimate
  traffic after filters have been allocated.

11
4. Problem Formulation - Assumptions (Defender)

• Assumptions
• 6. There are a number of legitimate users sending
  traffic to multiple servers considered by the
  attacker.
• 7. The routing policy for the legitimate traffic
  will be decided by the AS.
• 8. The network administrator (defender) can
  allocate filters to routers to maximize the total
  legitimate traffic after filters have been
  allocated.
• 9. The cost to allocate a filter to a router is
  decided by the capability of the filter.

12
4. Problem Formulation - Assumptions (Defender)

• Assumptions
• 10. The filter must have the certain capability
  to filter the certain number of zombies traffic
  (connections or volume?).
• 11. The router must have the certain capability
  to let the filter be allocated on it.
• 12. Both the attacker and the network
  administrator have complete information about the
  AS (each other?).

13
4. Problem Formulation - Given Parameters

• Given
• 1. The network topology
• 2. The number of servers to be considered by the
  attacker
• 3. The number of compromised hosts (zombies)
• 3.1 The capability of each zombie
• 4. The number of legitimate users sending traffic
  to the number of servers considered by the
  attacker
• 5. The total budget (cost) of the network
  administrator (defender)
• 6. The cost to allocate a filter with the certain
  capability
• 7. The capability of each router within the AS
• 8. The routing policy of the AS

14
4. Problem Formulation - Objective function and
Constraints

• Objective
• To maximize the minimized total legitimate
  traffic
• Subject to
• 1. The number of compromised hosts (zombies)
• 1.1 The capability of each zombie
• 2. The percentage of the total attack traffic
  which must be filtered after filters have been
  allocated
• 3. The total budget (cost) of the network
  administrator (defender)
• 4. The number of zombies traffic that a filter
  with the certain capability can filter
• 5. The capability of each router within the AS

15
4. Problem Formulation - Decision Variables

• To determine
• Defender
• The budget (filters) allocation strategy
• Attacker
• 1. The volume of the traffic that each
  compromised host (zombie) sends
• 2. The destination node that each compromised
  host (zombie) sends traffic to
• 3. The entry node that each compromised host
  (zombie) sends traffic to pass

16
The End

• - Its my greatest honor to have your attention.