Informed DDoS Mitigation at 100 Gb/s

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F18%3A10133096" target="_blank" >RIV/63839172:_____/18:10133096 - isvavai.cz</a>

Výsledek na webu

—

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Informed DDoS Mitigation at 100 Gb/s

Popis výsledku v původním jazyce

Network attacks, especially DoS and DDoS attacks, are a significant threat to all providers of services or infrastructure. The most potent attacks can paralyze even large-scale infrastructures of worldwide companies (as it is mentioned, e.g., in [1]). The objective of DDoS attacks is usually to flood the target network device or even the network itself with a large number of packets. Such attack results in nondeterministic discarding of network packets. There are many different types of DDoS attacks hence every mitigation technique addresses only a portion of them. Network operators can use various ways of defense (such as blackholing, rate-limiting) that deterministically discard packets of the traffic according to defined rules. The problem of packet discarding is related to the availability of the victim. When all packets targeted against the victim are discarded, the attack becomes harmless. Naturally, legitimate packets are discarded as well. Therefore, it is not always a feasible approach in practice. The main challenge is to distinguish malicious and legitimate packets. DDoS mitigation strategy based on the recognition of malicious packets is a complex task due to the similarity between legitimate and malicious packets. This presentation proposes a design of a mitigation heuristic which utilizes the knowledge of the so-called reputation score [2] of network entities and describes a way to integrate the proposed heuristic into a scrubbing center developed by CESNET a.l.e. The result, which will be described in this presentation, is based on the DDoS Mitigation Device (DMD) [3] that works at link speed 100 Gb/s. The DMD analysis the traffic on-the-fly, it computes statistics and using our proposed heuristic algorithm based on reputation scores it determines what packets to discard.

Název v anglickém jazyce

Informed DDoS Mitigation at 100 Gb/s

Popis výsledku anglicky

Network attacks, especially DoS and DDoS attacks, are a significant threat to all providers of services or infrastructure. The most potent attacks can paralyze even large-scale infrastructures of worldwide companies (as it is mentioned, e.g., in [1]). The objective of DDoS attacks is usually to flood the target network device or even the network itself with a large number of packets. Such attack results in nondeterministic discarding of network packets. There are many different types of DDoS attacks hence every mitigation technique addresses only a portion of them. Network operators can use various ways of defense (such as blackholing, rate-limiting) that deterministically discard packets of the traffic according to defined rules. The problem of packet discarding is related to the availability of the victim. When all packets targeted against the victim are discarded, the attack becomes harmless. Naturally, legitimate packets are discarded as well. Therefore, it is not always a feasible approach in practice. The main challenge is to distinguish malicious and legitimate packets. DDoS mitigation strategy based on the recognition of malicious packets is a complex task due to the similarity between legitimate and malicious packets. This presentation proposes a design of a mitigation heuristic which utilizes the knowledge of the so-called reputation score [2] of network entities and describes a way to integrate the proposed heuristic into a scrubbing center developed by CESNET a.l.e. The result, which will be described in this presentation, is based on the DDoS Mitigation Device (DMD) [3] that works at link speed 100 Gb/s. The DMD analysis the traffic on-the-fly, it computes statistics and using our proposed heuristic algorithm based on reputation scores it determines what packets to discard.

Druh

O - Ostatní výsledky

CEP obor

—

OECD FORD obor

20202 - Communication engineering and systems

Projekt

<a href="/cs/project/LM2015042" target="_blank" >LM2015042: E-infrastruktura CESNET</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2018

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů