Inferring Internet Denial-of-Service Activity - PowerPoint PPT Presentation

About This Presentation
Title: Inferring Internet Denial-of-Service Activity
Created Date: 3/7/2005 10:00:00 PM
Document presentation format: On-screen Show

Slides: 22
Provided by: csUcsbEd53

Transcript and Presenter's Notes


1
Inferring Internet Denial-of-Service Activity
  • David Moore, Geoffrey M Voelker, Stefan Savage
  • Presented by Yuemin Yu CS290F Winter 2005

2
Outline
  • Motivation
  • Attack types
  • Backscatter analysis
  • Results
  • Conclusion

3
Motivation
  • How prevalent are DoS attacks on the Internet
    today?
  • Nature of the current threats
  • Longer term analyses of trends and recurring
    patterns of attacks
  • Publish quantitative data about attacks

4
Attack Types
  • Logic attacks
  • Exploit software vulnerabilities
  • Software patches
  • Flooding attacks
  • Distributed DoS
  • Spoof source IP address randomly
  • Exhaust system resources

5
Backscatter
  • Attacker uses randomly selected source IP address
  • Victim replies to the spoofed source IP
  • Results in unsolicited response from victim to
    third party IP addresses

6
Backscatter
7
Backscatter Analysis
  • m attack packets sent
  • n distinct IP address monitored
  • Expectation of observing an attack
  • R Actual rate of attack
  • R extrapolated attack rate

8
Analysis Assumptions
  • Address uniformity
  • Spoof at random
  • Uniformly distributed
  • Reliable delivery
  • Attack and backscatter traffic delivered reliably
  • Backscatter hypothesis
  • Unsolicited packets observed represent backscatter

9
Attack classifications
  • Flow-based
  • Based on target IP address and protocol
  • Fixed time frame (within 5 minutes of the most
    recent packet)
  • Event-based
  • Based on target IP address only
  • Fixed time frame

10
Data collection
  • /8 network: 2^24 IP addresses, 1/256 of the Internet
    address space
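
The flow-based classification and rate extrapolation from the slides above, as an added example (not code from the presentation or the paper). It assumes the relations that follow from uniform random spoofing, E(X) = nm/2^32 and an extrapolated rate of 2^32/n times the rate seen at the monitor; the Packet record, function names and sample packets are constructed for illustration.

```python
from collections import namedtuple

ADDRESS_SPACE = 2 ** 32   # IPv4 addresses an attacker can spoof
MONITORED = 2 ** 24       # n: one /8 monitor, 1/256 of the address space
FLOW_TIMEOUT = 300        # seconds; a flow ends 5 minutes after its last packet

# Hypothetical record for one backscatter packet; victim is its source address.
Packet = namedtuple("Packet", "ts victim proto")

def expected_observed(m, n=MONITORED):
    """Expected backscatter packets seen at the monitor for m attack packets."""
    return n * m / ADDRESS_SPACE

def extrapolate_rate(observed_pps, n=MONITORED):
    """Scale the rate seen at the monitor up to the whole address space."""
    return observed_pps * ADDRESS_SPACE / n

def classify_flows(packets, timeout=FLOW_TIMEOUT):
    """Flow-based classification: key on (victim, protocol), split on idle gaps."""
    open_flows, done = {}, []
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.victim, p.proto)
        flow = open_flows.get(key)
        if flow and p.ts - flow["end"] > timeout:
            done.append(open_flows.pop(key))   # idle too long: close the flow
            flow = None
        if flow is None:
            flow = open_flows[key] = {"victim": p.victim, "proto": p.proto,
                                      "start": p.ts, "end": p.ts, "packets": 0}
        flow["end"] = p.ts
        flow["packets"] += 1
    done.extend(open_flows.values())
    for f in done:
        secs = f["end"] - f["start"]
        # A single packet has no duration, so no rate can be estimated from it.
        f["est_attack_pps"] = extrapolate_rate(f["packets"] / secs) if secs else None
    return sorted(done, key=lambda f: (f["start"], f["victim"]))

# Constructed sample: backscatter seen at the monitor (documentation addresses).
SAMPLE = (
    [Packet(t, "192.0.2.10", "tcp") for t in (0, 2, 4, 6, 8, 400)]
    + [Packet(t, "198.51.100.7", "icmp") for t in (1, 3)]
    + [Packet(5, "192.0.2.10", "icmp")]
)

if __name__ == "__main__":
    for f in classify_flows(SAMPLE):
        print(f)
```

The estimate treats each backscatter packet as the reply to one attack packet, which is the reliable-delivery assumption from slide 8. An event-based classifier would key on the victim address alone.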
11
Data collections
  • Collect data and extract the following information
  • TCP flags
  • ICMP payload
  • Address uniformity
  • Port settings
  • DNS information
  • Routing information

12
Response/Used Protocols
13
Rate of attack
14
Victims by ports
15
Attack Duration (figure panels: Cumulative, Probability density)
16
Top level domain
17
Victims by Hostnames
18
Autonomous System
19
Repeated Attacks
20
Conclusion
  • Observed 12,000 attacks against more than 5,000
    distinct targets.
  • Distributed over many different domains and ISPs
  • A small number of long attacks with a large share
    of the attack volume
  • An unexpected number of attacks targeting home,
    foreign, specific ISP

21
Thanks
  • Questions?