1 / 47

Defending Against DDoS Attacks Using Max-min Fair Server Centric Router Throttles

Defending Against DDoS Attacks Using Max-min Fair Server Centric Router Throttles. David K.Y. Yau John C.S. Lu CS Dept, Purdue University CS&E Dept,CUHK. Motivations. Internet is an open and democratic environment

rahim-koch
Télécharger la présentation

Defending Against DDoS Attacks Using Max-min Fair Server Centric Router Throttles

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Defending Against DDoS Attacks Using Max-min Fair Server Centric Router Throttles David K.Y. Yau John C.S. Lu CS Dept, Purdue University CS&E Dept,CUHK Operating System Concepts

  2. Motivations • Internet is an open and democratic environment • increasingly used for mission-critical work and commercial applications. • Many security threats are present or appearing • Easy to launch, even for naïve users. • need effective and flexible defenses to detect/trace/counter attacks • Goals: • protect innocent users; • prosecute criminals Ambitious goals Operating System Concepts

  3. Network Denial-of-service Attacks • Some attacks quite subtle • securing protocols and intrusion detection (e.g., BGP, TCP-syn attack) • at routing infrastructure, malicious dropping of packets, etc (low-rate TCP) • Others by brute force: - flooding (e.g., UDP, valid Web Request) • Cripples victim: - precludes any sophisticated defense at victim site • Philosophical question: what is an “attacker”? • Viewed as resource management problem Operating System Concepts

  4. Flooding Attack Server Operating System Concepts

  5. Server-centric Router Throttle • Installed by server when under stress, at a set deployment routers • can be sent by multicast • Specifies leaky bucket rate at which router can forward traffic to the server • aggressive traffic for server dropped before reaching server • rate determined by a feedbakcontrol algorithm Issues: (1) Which set of routers? (2) What is the “proper” dropping rate? Operating System Concepts

  6. Router Throttle Securely installed by S Throttle for S Throttle for S’ To S’ Aggressive flow To S Deployment router C: Each victim has a leaky bucket for rate limit. Small memory and computationoverhead! Operating System Concepts

  7. Key Design Problems • Resource allocation: who is entitled to what? • need to keep server operating within load limits • notion of fairness, and how to achieve it? • Need global, rather than router-local, fairness • How to respond to network and user dynamics (e.g., fluctuation of traffic)? • Feedback control strategy is needed Operating System Concepts

  8. What is being fair? • Baseline approach of dropping a fraction “f”, say ½, of traffic for each flow won’t work well • a flow can cause more damage to other flows simply by being more aggressive! • Rather, no flow should get a higher rate than another flow that has unmet demands • this way, we penalize “aggressive” flows only, but protect the well-behaving ones Operating System Concepts

  9. Level-k Deployment Points • Deployment points parameterized by an integer k • R(k) -- set of routers that are either k hops away from server S, or less than k hops away from S but are directly connected to a host • Fairness across global routing points R(k) Operating System Concepts

  10. Level-3 Deployment Server Operating System Concepts

  11. Feedback Control Strategy • Hysteresis control • high and low water marks for server load, to strengthen or relax router throttle • Additive increase/multiplicative decrease rate adjustment • increases when server load exceeds US, and decreases when server load falls below LS • throttle removed when a relaxed rate does not result in significant server load increase Operating System Concepts

  12. Fairness Definition • A resource control algorithm achieves level-k max-min fairness among the routers R(k) if the allowed forwarding rate of traffic for S at each router is the router’s max-min fair share of some rate r satisfying LS r US Operating System Concepts

  13. Fair Throttle Algorithm Operating System Concepts

  14. Example Max-min Rates (L=18, H=22) 18.23 6.65 24.88 6.25 0.22 0.22 14.1 15.51 0.01 59.9 6.25 17.73 6.25 1.40 17.73 20.53 0.61 0.95 0.61 0.95 Server Operating System Concepts

  15. Interesting Questions • Can we preferentially drop attacker traffic over good user traffic? • Can we successfully keep server operating within design limits, so that good user traffic that makes it gets acceptable service? • How stable is such a control algorithm? How does it converge? Operating System Concepts

  16. Algorithm Evaluation • Control-theoretic analysis (fluid analysis) • algorithm stability and convergence under different system parameters • Packet network simulations (packet level analysis) • Test under UDP and TCP traffic. Also test with Web traces • System implementation (the real thing, baby !!!) • deployment costs Operating System Concepts

  17. Control-theoretic Model Throttle signal from victim Step size Adjusted traffic from source i When throttle signal is high, server is underloaded. When throttle signal is low, server is overloaded. ANALOGY!!! Operating System Concepts

  18. Feedback Control Model (Us=1750;Ls=1650) Constant Source of 20 Constant Source of 30 Constant Source of 25 Constant Source of 4000 Constant Source of 2800 Operating System Concepts

  19. Output for good traffic (total from source 1) Operating System Concepts

  20. Output for attack traffic (total from source 5) Operating System Concepts

  21. Output for attack traffic (total from source 6) Operating System Concepts

  22. Total traffic to server (Us=1750;Ls=1650) Operating System Concepts

  23. Case 2: variable attack traffic (Us=1750,Ls=1650) Square Pulse Operating System Concepts

  24. Output of attack traffic 1 Operating System Concepts

  25. Output of attack traffic 2 Operating System Concepts

  26. Total traffic to server (Us=1750;Ls=1650) Operating System Concepts

  27. Feedback Control Model(sources and server) Operating System Concepts

  28. Feedback Control Model (server throttle signal) Operating System Concepts

  29. Feedback Control Model (sources process throttle) Operating System Concepts

  30. Throttle Rate (L=900; U=1100) Operating System Concepts

  31. Server Load (L = 900; U = 1100) Operating System Concepts

  32. Throttle Rate (U = 1100) Operating System Concepts

  33. Server Load (U = 1100) Operating System Concepts

  34. Throttle Rate (L=1050;U=1100) Operating System Concepts

  35. Server Load (L=1050; U=1100) Operating System Concepts

  36. NS2: UDP Simulation Experiments • Global network topology reconstructed from real traceroute data • AT&T Internet mapping project: 709,310 traceroute paths, single source to 103,402 other destinations • randomly select 5,000 paths, with 135,821 nodes of which 3879 are hosts • Randomly select x% of hosts to be attackers • good users send at rate [0,r], attackers at rate [0,R] Operating System Concepts

  37. 20% Evenly Distributed Aggressive (10:1) Attackers Operating System Concepts

  38. 40% Evenly Distributed Aggressive (5:1) Attackers Operating System Concepts

  39. EvenlyDistributed “meek” Attackers Operating System Concepts

  40. Deployment Extent Operating System Concepts

  41. NS2: TCP Simulation Experiment • Clients access web server via HTTP 1.0 over TCP Reno • Simulated network subset of AT&T traceroute topology • 85 hosts, 20% attackers • Web clients make request probabilistically with empirical document size and inter-request time distributions Operating System Concepts

  42. Web Server Protection Operating System Concepts

  43. Web Server Traffic Control Operating System Concepts

  44. System Implementation • On Linux router • loadable kernel module • CPU resource reservation • Deployment platform • Pentium 4/2G Hz PC • multiple 10/100 Mb/s Ethernet interfaces Operating System Concepts

  45. System Implementation: cont • OPERA: An Open-Source Extensible Router Architecture http://www.cse.cuhk.edu.hk/~cslui/ANSRlab/software/opera/ • A Linux-based package for implementing a software programmable router architecture with the aim to facilitate networking experiments for the research community. Using this architecture, one can dynamically load new extension and services into the programmable router. Some interesting extensions include QoS support and traceback of DDoS attacks.) • Dynamic module loading • Resource reservation • General extension framework • Secured Communication Operating System Concepts

  46. Future Work • Offered load-aware control algorithm for computing throttle rate • impact on convergence and stability • Policy-based notion of fairness • heterogeneous network regions, by size, susceptibility to attacks, tariff payment • Selective deployment issues • Impact on real user applications • Defense for other forms of DDoS like the reflector attack, BGP cascading failure..etc. Operating System Concepts

  47. Conclusions • Extensible routers can help improve network health • Presented a server-centric router throttle mechanism for DDoS flooding attacks • can better protect good user traffic from aggressive attacker traffic • can keep server operational under an ongoing attack • has efficient implementation Operating System Concepts

More Related