Informed DDoS Mitigation at 100 Gb/s
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F18%3A10133096" target="_blank" >RIV/63839172:_____/18:10133096 - isvavai.cz</a>
Výsledek na webu
—
DOI - Digital Object Identifier
—
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Informed DDoS Mitigation at 100 Gb/s
Popis výsledku v původním jazyce
Network attacks, especially DoS and DDoS attacks, are a significant threat to all providers of services or infrastructure. The most potent attacks can paralyze even large-scale infrastructures of worldwide companies (as it is mentioned, e.g., in [1]). The objective of DDoS attacks is usually to flood the target network device or even the network itself with a large number of packets. Such attack results in nondeterministic discarding of network packets. There are many different types of DDoS attacks hence every mitigation technique addresses only a portion of them. Network operators can use various ways of defense (such as blackholing, rate-limiting) that deterministically discard packets of the traffic according to defined rules. The problem of packet discarding is related to the availability of the victim. When all packets targeted against the victim are discarded, the attack becomes harmless. Naturally, legitimate packets are discarded as well. Therefore, it is not always a feasible approach in practice. The main challenge is to distinguish malicious and legitimate packets. DDoS mitigation strategy based on the recognition of malicious packets is a complex task due to the similarity between legitimate and malicious packets. This presentation proposes a design of a mitigation heuristic which utilizes the knowledge of the so-called reputation score [2] of network entities and describes a way to integrate the proposed heuristic into a scrubbing center developed by CESNET a.l.e. The result, which will be described in this presentation, is based on the DDoS Mitigation Device (DMD) [3] that works at link speed 100 Gb/s. The DMD analysis the traffic on-the-fly, it computes statistics and using our proposed heuristic algorithm based on reputation scores it determines what packets to discard.
Název v anglickém jazyce
Informed DDoS Mitigation at 100 Gb/s
Popis výsledku anglicky
Network attacks, especially DoS and DDoS attacks, are a significant threat to all providers of services or infrastructure. The most potent attacks can paralyze even large-scale infrastructures of worldwide companies (as it is mentioned, e.g., in [1]). The objective of DDoS attacks is usually to flood the target network device or even the network itself with a large number of packets. Such attack results in nondeterministic discarding of network packets. There are many different types of DDoS attacks hence every mitigation technique addresses only a portion of them. Network operators can use various ways of defense (such as blackholing, rate-limiting) that deterministically discard packets of the traffic according to defined rules. The problem of packet discarding is related to the availability of the victim. When all packets targeted against the victim are discarded, the attack becomes harmless. Naturally, legitimate packets are discarded as well. Therefore, it is not always a feasible approach in practice. The main challenge is to distinguish malicious and legitimate packets. DDoS mitigation strategy based on the recognition of malicious packets is a complex task due to the similarity between legitimate and malicious packets. This presentation proposes a design of a mitigation heuristic which utilizes the knowledge of the so-called reputation score [2] of network entities and describes a way to integrate the proposed heuristic into a scrubbing center developed by CESNET a.l.e. The result, which will be described in this presentation, is based on the DDoS Mitigation Device (DMD) [3] that works at link speed 100 Gb/s. The DMD analysis the traffic on-the-fly, it computes statistics and using our proposed heuristic algorithm based on reputation scores it determines what packets to discard.
Klasifikace
Druh
O - Ostatní výsledky
CEP obor
—
OECD FORD obor
20202 - Communication engineering and systems
Návaznosti výsledku
Projekt
<a href="/cs/project/LM2015042" target="_blank" >LM2015042: E-infrastruktura CESNET</a><br>
Návaznosti
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Ostatní
Rok uplatnění
2018
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů