A Divide-and-Conquer Strategy for Thwarting DDoS Attacks
DESCRIPTION
A Divide-and-Conquer Strategy for Thwarting DDoS Attacks. Randolph Marchany (VT), Jung-Min Park (VT), Ruiliang Chen (VT). Presented by Panoat Chuchaisri. Outline: Proposed scheme (AD: Attack Diagnosis; PAD: Parallel Attack Diagnosis), Overview, Simulation Results, Conclusion.
TRANSCRIPT
A Divide-and-Conquer Strategy for Thwarting DDoS Attacks
Randolph Marchany (VT)
Jung-Min Park (VT)
Ruiliang Chen (VT)
Presented by Panoat Chuchaisri
Outline
• Proposed scheme
– AD : Attack Diagnosis
– PAD : Parallel Attack Diagnosis
• Overview
• Simulation Results
• Conclusion
AD & PAD Features
• Support ideal DDoS countermeasure paradigm
• No overhead during normal traffic
• Deterministic packet marking
• Provide adjustable parameter
• Do not require global key distribution
Overview
PID
4-8-24-42
Overview (contd.)
• Mark packet using 16-bit identification field and 1 reserved bit in IP header
• Use
– a-bit hop-count field
– b-bit PID field
– c-bit XOR field
a + b + c = 17, b ≥ c
Overview (contd.)
• ADMM (Active DMM)
– Set hop-count field to zero
– Copy own PID into PID field
– Copy last c bits of PID to XOR field
• PDMM (Passive DMM)
– Increase hop-count field by one
– XOR field = (last c bits of PID) XOR (XOR field)
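The 17-bit mark and the two update rules above, as an added Python sketch (not code from the presentation or its authors). Assumed here: a=5, b=6, c=6, the hop|PID|XOR bit order, that PDMM uses the marking interface's own PID, and the constructed sample path of PIDs.

```python
# Added illustration of the 17-bit mark and the ADMM/PDMM updates.
# Assumptions (not from the slides): a=5, b=6, c=6; field order hop|PID|XOR
# from high to low bits; PDMM uses the marking interface's own PID.
A, B, C = 5, 6, 6
assert A + B + C == 17 and B >= C

def low_c(pid):
    """Last c bits of a PID."""
    return pid & ((1 << C) - 1)

def pack(hop, pid, xor):
    """Pack the three fields into one 17-bit integer."""
    if not (0 <= hop < 1 << A and 0 <= pid < 1 << B and 0 <= xor < 1 << C):
        raise ValueError("field does not fit its bit width")
    return (hop << (B + C)) | (pid << C) | xor

def unpack(mark):
    """Split a 17-bit mark back into (hop, pid, xor)."""
    return mark >> (B + C), (mark >> C) & ((1 << B) - 1), mark & ((1 << C) - 1)

def admm(own_pid):
    """Active marking: hop = 0, PID = own PID, XOR = last c bits of PID."""
    return pack(0, own_pid, low_c(own_pid))

def pdmm(mark, own_pid):
    """Passive marking: hop += 1, XOR = last c bits of PID XOR old XOR field."""
    hop, pid, xor = unpack(mark)
    return pack(hop + 1, pid, low_c(own_pid) ^ xor)

def mark_along(path):
    """First interface on the path marks actively, the rest passively."""
    mark = admm(path[0])
    for pid in path[1:]:
        mark = pdmm(mark, pid)
    return mark

def xor_before(mark, own_pid):
    """Undo one PDMM step: the XOR value the packet carried on arrival."""
    return unpack(mark)[2] ^ low_c(own_pid)

if __name__ == "__main__":
    path = [42, 24, 8, 4]  # constructed PIDs, ADMM interface first
    m = mark_along(path)
    print(unpack(m), xor_before(m, 4))
```

Because XOR is its own inverse, an interface that knows its own PID can strip its contribution from the XOR field and obtain the value written one hop upstream.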
AD
[Figure: AD example network; legend: ■ ADMM, ■ PDMM; labels: DAI, DII 42, DII 24]
PAD
• Traceback multiple attack paths simultaneously
• DII 42 → DII 42,27
• Identify upstream interface using XOR
hop PID XOR
PAD
[Figure: PAD example network; labels: DAI, DII 27,42]
Simulation Results
Simulation Results(contd.)
Simulation Results (contd.)
UNACCEPTABLE
Conclusion
• AD and PAD employ a divide-and-conquer strategy to isolate attackers
• Combine traceback and filtering techniques
• Suffer from a deployment problem
Thank You!