rajesh swarupa
-
Upload
rajeswara-reddy-badam -
Category
Documents
-
view
47 -
download
3
Transcript of rajesh swarupa
An Efficient An Efficient Dynamic Router Dynamic Router
Approach to Approach to Defeat Defeat
“DDOS Attack“DDOS Attack””Presentation byPresentation byB. Rajeswara Reddy,B. Rajeswara Reddy,
N.V.S.L. Swarupa.N.V.S.L. Swarupa.
ContentsContentsDenial-of-Service attacksDenial-of-Service attacksNecessity for solutionNecessity for solutionCooperative Technological Cooperative Technological SolutionsSolutionsExisting SolutionExisting SolutionProposed SolutionProposed SolutionConclusionConclusion
Denial-of-ServiceDenial-of-Service Attempt to make Attempt to make
resources unusable resources unusable to intended usersto intended users
Largest threat Largest threat faced by present faced by present day internetday internet
More among Social More among Social Networking SitesNetworking Sites
If more attackers it If more attackers it becomes DDoSbecomes DDoS
Necessity For Necessity For SolutionSolution
Media: 2.8% lossMedia: 2.8% lossTwo StagesTwo Stages
Recruiting Recruiting ZombiesZombiesFlooding VictimFlooding Victim
DrawbackDrawbackService DelaysService Delays
Dynamic Router Dynamic Router Approach.Approach. Mechanism of DDoS attacks.
COOPERATIVE COOPERATIVE TECHNOLOGICAL TECHNOLOGICAL
SOLUTIONSSOLUTIONS TO “DDOS TO “DDOS ATTACKS”ATTACKS”
ComponentsComponents1.1. Internet CoreInternet Core2.2. Internet CloudInternet Cloud3.3. Edge of InternetEdge of Internet4.4. Servers and ClientsServers and Clients
Service By D.S.C.Service By D.S.C.1.1. Direct Direct
CommunicationCommunication2.2. Cache Cache
CommunicationCommunication
1.Digital Supply Chain
The digital supply chain.
Steps in Steps in Cooperative Cooperative Filtering:Filtering:
1.1. AlarmingAlarming2.2. TracingTracing3.3. FilteringFiltering
Simple ApproachSimple Approach Delete Same IP Delete Same IP
PacketsPacketsBan IP spoofingBan IP spoofing The process of cooperative filtering.
a. Cooperative Filtering
b. Cooperative Cachingb. Cooperative Caching Draw Backs of FilteringDraw Backs of Filtering
ExpensiveExpensive Legal Packets LostLegal Packets Lost
Traffic Shared By Traffic Shared By RoutersRouters
Routing Tables NeededRouting Tables Needed Bandwidth efficiently Bandwidth efficiently
Utilized.Utilized. Combining both results Combining both results
in Effective in Effective PerformancePerformance
Fig Cooperative Caching
Incentive ChainIncentive Chain Major Sources For Major Sources For
Digital Content Digital Content flowflow End Users DemandEnd Users Demand ICP’s DemandICP’s Demand
Chain links all Chain links all parties for end to parties for end to end transmissionend transmission
Broken Incentive ChainBroken Incentive Chain Lack of Incremental Lack of Incremental
Payment Structure Payment Structure and Failure of and Failure of Cooperative FilteringCooperative Filtering Have unused residue Have unused residue
bandwidthbandwidth Cost and Benefits for Cost and Benefits for
ISP in Cooperative ISP in Cooperative FilteringFiltering
Payment to ISP’sPayment to ISP’s With Congestion no With Congestion no
profit to ISP’sprofit to ISP’sFig 3: Incentive Chain
Broken Incentive ChainBroken Incentive Chain Caches on the Edge of the Internet: Caches on the Edge of the Internet:
Inaccessible TreasuresInaccessible Treasures Missisippi rule For Cooperative CachingMissisippi rule For Cooperative Caching Cost efficient than FilteringCost efficient than Filtering Reasons for breaking incentive chainReasons for breaking incentive chain
ICP’s does not provide money for cachingICP’s does not provide money for caching Resource becomes inactiveResource becomes inactive
ICP’s not sure about DDoS: No ICP’s not sure about DDoS: No PaymentPayment
Existing Soln: Capacity Existing Soln: Capacity Provision NetworkProvision Network
Network of Cache Network of Cache ServersServers
Demand side Demand side Cache tradingCache trading
Owner of ISP Owner of ISP plays main role in plays main role in it.it.
Dilution of traffic Dilution of traffic by the best Cacheby the best Cache
Proposed SolutionProposed Solution
Difficult to locate Difficult to locate origin of attackorigin of attackRequest Request ConstraintsConstraints
Size: 2GBSize: 2GBFields: 100Fields: 100
Check header Check header info, at first routerinfo, at first routerRouter DatabaseRouter Database
Restricting Fake Packet
Sample Data And Sample Data And ResultsResults
Nodes in the Nodes in the time takentime taken network network 100 100 0.0781250.078125 200200 0. 1093750. 109375 300300 0.1093750.109375 400400 0.156250.15625 500500 0.156250.15625 600600 0.156250.15625 700700 0.1718750.171875 800800 0.2343750.234375 900900 0.2343750.234375 10001000 0.2656250.265625
Series 1
-200 200 400 600 800 1000 1200 1400
0.1
0.2
0.3
x
y
Nodes in the Network
Time Taken
CPN method
Identifying the AttackIdentifying the Attack
Nodes in the Nodes in the Time Time takentaken
network network 100 100
0.0781250.078125 200200 0.0781250.078125 300300 0.50.5 400400 0.0781250.078125 500500 0.0781250.078125 600600 0.0781250.078125 700700 0.0781250.078125 800800 00781250078125 900900 0.0781250.078125 10001000 0.0781250.078125
Results in Dynamic Results in Dynamic Router MethodRouter Method
No..of packets Transfer rates (No’s) (Mbps) 100 100 200 96 300 84 400 77 500 55 200 90 210 96 220 94 215 98
ConclusionConclusion Previously proposed methods Previously proposed methods
concentrated mostly on determining the concentrated mostly on determining the attack path only.attack path only.
In Our proposed solution we can easily In Our proposed solution we can easily safe guard any network from attack.safe guard any network from attack.
Here for LAN congestion problem add Here for LAN congestion problem add the implementation of multiple cache the implementation of multiple cache servers on network by complex congestion servers on network by complex congestion control algorithm.control algorithm.
..
..