Upload File

cloud-based security research testbed: a ddos use case · • attacking tool - low orbit ion cannon...

  • Home
  • Documents
  • Cloud-based Security Research Testbed: A DDoS Use Case · • Attacking tool - Low orbit ion cannon (LOIC) DDoS Simulation • Simulation of a large network, systems, services and
1
Cloud-based Security Research Testbed: A DDoS Use Case • DDoS Attacks - easy to detect, hard to defend • Tedbed needed - Cybernetic Proving Ground • DDoS type - TCP SYN ood • Based on - DDoS attack on Czech important web servers in March, 2013 • Botnet - commanded by IRC and irssi • Attacking tool - Low orbit ion cannon (LOIC) DDoS Simulation • Simulation of a large network, systems, services and applications • Cloud environment for repeatable investigation of cyber threats • Monitoring of network behavior, detection and mitigation of anomalies and attacks • Automated gathering and processing of data generated during security scenarios • Creating database of malicious code • Visualization of signicant aspects of the scenarios • Detailed architecture description in [1] Features •Web based interface using Liferay Portal • Interconnected, synchronized portlets displaying various characteristics • Network topology and trac visualization Visualization [1] D. Kouřil, T. Rebok, T. Jirsík, J. Čegan, M. Drašar, M. Vizváry J. Vykopal. Cloud- based Testbed for Simulation of Cyber Attacks. In Proceedings of NOMS, 2014. References Abstract — We present a cloud-based research testbed designed to aid network security managers. The testbed enables operators to emulate various network topologies, services, and to analyze attacks threatening these systems. A possibility to test results of network management measures is desired, since testing these measures in a production environment is always not possible. We demonstrate a testbed use case, which aids to scrutinize network behavior under attack. Our use case is based on a large DDoS attack which targeted network infrastructure and web servers in Czech Republic in March, 2013. DDoS Scenario Timeline 3D sequenced time-ordered radar chart 2D ordinary radar chart Line chart of individual characteristics 1 2 3 1:00 2:00 6:30 8:30 11:00 Bot master congures bots 0:00 Start scenario Bot groups 1-4 attack victim DDoS at full strength End of DDoS Stop scenario This work has been supported by the project “Cybernetic Proving Ground” (VG20132015103) funded by the Ministry of the Interior of the Czech Republic. Acknowledgements Tomáš Jirsík Institute of Computer Science Masaryk University Brno, Czech Republic Pavel Čeleda Institute of Computer Science Masaryk University Brno, Czech Republic Martin Husák Institute of Computer Science Masaryk University Brno, Czech Republic Zdenek Eichler Faculty of Informatics Masaryk University Brno, Czech Republic [email protected] [email protected] [email protected] [email protected] 1 2 3 www.muni.cz/ics/kypo

Upload: others

Post on 11-Aug-2020

4 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Cloud-based Security Research Testbed: A DDoS Use Case · • Attacking tool - Low orbit ion cannon (LOIC) DDoS Simulation • Simulation of a large network, systems, services and

Cloud-based Security Research Testbed:A DDoS Use Case

• DDoS Attacks - easy to detect, hard to defend• Tedbed needed - Cybernetic Proving Ground• DDoS type - TCP SYN flood• Based on - DDoS attack on Czech important web servers in March, 2013• Botnet - commanded by IRC and irssi• Attacking tool - Low orbit ion cannon (LOIC)

DDoS Simulation

• Simulation of a large network, systems, services and applications• Cloud environment for repeatable investigation of cyber threats• Monitoring of network behavior, detection and mitigation of anomalies and attacks• Automated gathering and processing of data generated during security scenarios• Creating database of malicious code• Visualization of significant aspects of the scenarios• Detailed architecture description in [1]

Features

•Web based interface using Liferay Portal• Interconnected, synchronized portlets displaying various characteristics• Network topology and traffic visualization

Visualization

[1] D. Kouřil, T. Rebok, T. Jirsík, J. Čegan, M. Drašar, M. Vizváry J. Vykopal. Cloud-based Testbed for Simulation of Cyber Attacks. In Proceedings of NOMS, 2014.

References

Abstract — We present a cloud-based research testbed designed to aid network security managers. The testbed enables operators to emulate various network topologies, services, and to analyze attacks threatening these systems. A possibility to test results of network management measures is desired, since testing these measures in a production environment is always not possible. We demonstrate a testbed use case, which aids to scrutinize network behavior under attack. Our use case is based on a large DDoS attack which targeted network infrastructure and web servers in Czech Republic in March, 2013.

DDoS Scenario Timeline

3D sequenced time-ordered radar chart

2D ordinary radar chart

Line chart of individual characteristics

1

2

3

1:002:00

6:308:30

11:00

Bot master configures bots0:00 Start scenario

Bot groups 1-4 attack victim

DDoS at full strengthEnd of DDoSStop scenario

This work has been supported by the project “Cybernetic Proving Ground” (VG20132015103) funded by the Ministry of the Interior of the Czech Republic.

Acknowledgements

Tomáš Jirsík

Institute of Computer ScienceMasaryk University

Brno, Czech Republic

Pavel ČeledaInstitute of Computer Science

Masaryk UniversityBrno, Czech Republic

Martin Husák Institute of Computer Science

Masaryk UniversityBrno, Czech Republic

Zdenek EichlerFaculty of InformaticsMasaryk University

Brno, Czech [email protected] [email protected]@ics.muni.cz [email protected]

1

2

3

www.muni.cz/ics/kypo

Charte graphique Loic Berthel

Loic Wacquant Parias Urbanos

Wacquant, Loic

DDoS dengan LOIC, HOIC dan Slowloris.pl

Parias Urbanos - Loic Wacquant

Livre Album Flavie & Loic

Scalable DDoS mitigation · •Scalable DDoS Mitigation –BGP FlowSpec •Cloud DDoS Protection –F5 Silverline. DDoS Overview • Distributed denial-of‐service (DDoS) attacks

Loic Wacquant. Parias Urbanas

Loic sarton (2)

Loic Menzies Director: LKMco loic@lkmco // 07793 370459 // @lkmco

Loic sarton seance 4

Speaker: Loic Moisand

Loic sarton spss 2011

Loic sarton

Loic Dreamforce 2011

Wacquant ,Loic. Parias Urbanos.pdf

Loic sarton seance 9

Performance Performance analysis analysis of a of a system ...ljilja/ENSC427/Spring15/Projects/team8/ENSC...Simulation Scenarios DDoS Attack Type:Reflection Attack. DDoS Prevention

Loic sarton synthèse swaen

A Quick Guide to DDoS Attacks - Wanstor · 2018-10-26 · Low Orbit Ion Cannon (LOIC) and the High Orbit Ion Cannon (HOIC). These tools can be downloaded, installed, and utilized

DDoS Penetration Test Service 23.10 - red- · PDF fileDDoS Experts RED BUTTON DDoS Simulation - Do It yourself OThe DDoS Simulation DIY is a service for large organizations and security

Loic sarton seance 7

DDOS Attack & Mitigation SImulation

Simulation-Based Study of Distributed Denial of Service Attacks ...€¦ · Distributed Denial of Service (DDoS), and Economic Denial of Sustainability (EDoS). DoS and DDoS attacks

Loic sarton synthèse pleyers

Configuration Manual For SDN Based DDOS Attack Simulation

Morne (GiCivcUnSíJ- lOic^

Loic france

Loic de Canniere

Modelling and simulation of DDOS Attack using SimEvents IJSRNSC-00067.pdf · In this research work, a DDoS attack is simulated using MATLAB’s SimEvents, with the aim of finding

Advanced DDoS Attacks Traffic Simulation with a Test Center ...infonomics-society.org/wp-content/uploads/ijisr/published-papers/... · Advanced DDoS Attacks Traffic Simulation with

Loic sarton csp internet

Loic sarton seance 6

The Shadowy Cyber Attack – State Sponsors of Terror · PDF fileThe Shadowy Cyber Attack – State Sponsors of Terror ... PLink, NetCat, DDoS (LOIC), MimiKatz, ... Cyber Attack –

Wacquant Loic - Parias Urbanos