Design of an Autonomous Anti-DDOS Network (A2D2) Angela Cearns Thesis Proposal Master of Software Engineering University of Colorado, Colorado Springs


Introduction - DDoS

DDoS: a threat not forgotten. Three main research areas:

1. Source identification (prevention)
   - ITRACE, ingress/egress filtering
   - More difficult with distributed attacks and new tools
   - Most effective when implemented from the attackers' networks
2. Detection
   - Monitor and identify patterns
3. Intrusion tolerance (response)
   - Minimize attack impact, maximize QoS
   - Focus of this thesis

Existing Intrusion Tolerant Architectures – Main Shortcomings

- Rate limiting: an IDS with high false positives causes packets from legitimate clients to be dropped
- Expensive and extensive infrastructure: XenoService (dynamic duplication) is very expensive, and every ISP needs to purchase the service
- Pushback architecture: requires the cooperation of ISPs worldwide
- DARPA IDIP autonomous response network: the protocol it requires is not yet a standard

Current Thesis Proposal

- UCSD research: a significant number of DDoS attacks target home and medium-sized businesses
- This thesis: design an Autonomous Anti-DDoS network that integrates and improves existing technologies and can be easily afforded and implemented by home and small networks

Proposed A2D2 Design & Improvements (fit a real-life scenario)

1. Detection
   - Snort: new patch to detect generic floods (new module plug-in)
2. Autonomic mitigation
   - Class-based queuing
   - Design new multi-level rate limiting
   - Design a new interface to integrate the various methodologies and achieve an autonomic response
3. Software engineering principle analysis
4. Testing evaluation
   - Current DDoS research has no common test matrix or test parameters
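The detection and autonomic-mitigation items above describe a loop: detect a generic flood by volume, then tighten rate limiting one level at a time while the flood persists and relax it once the link is quiet. The following is an added example that models that loop in Python; it is not code from the thesis or from the Snort patch it proposes. The window length, flood threshold, escalation and relaxation counts, link capacity and per-level caps are assumed values, the packet trace is constructed inline, and the per-source fair-share limiter is a stand-in for the class-based queuing the design names.

```python
"""Generic flood detection driving multi-level rate limiting.

Added example (not code from the A2D2 thesis or its Snort patch). All
thresholds, counts and caps below are assumed values for illustration.
"""
from collections import Counter
from dataclasses import dataclass

VICTIM = "192.168.0.2"      # RealPlayer server address from the testbed diagram
WINDOW_SECONDS = 1.0
FLOOD_THRESHOLD = 200       # packets per window to one destination (assumed)
LINK_PPS = 500              # packets per window the protected link accepts (assumed)
ESCALATE_AFTER = 2          # consecutive flooded windows before tightening (assumed)
RELAX_AFTER = 3             # consecutive quiet windows before loosening (assumed)
# Level -> fraction of LINK_PPS the victim's inbound traffic may use (assumed)
LEVEL_CAP = {0: 1.0, 1: 0.5, 2: 0.2, 3: 0.05}


@dataclass
class Packet:
    t: float
    src: str
    dst: str
    legit: bool             # ground truth, used only to score the limiter


def detect_floods(packets, threshold=FLOOD_THRESHOLD, window=WINDOW_SECONDS):
    """Signature-free flood detection: yield (window, dst, count) for every
    window in which one destination receives more than `threshold` packets."""
    per_window = {}
    for p in packets:
        per_window.setdefault(int(p.t // window), Counter())[p.dst] += 1
    for w in sorted(per_window):
        for dst, n in per_window[w].items():
            if n > threshold:
                yield w, dst, n


@dataclass
class RateLimitController:
    """Steps the limit one level at a time: tighten while the flood persists,
    relax only after the link has been quiet for RELAX_AFTER windows."""
    level: int = 0
    hot: int = 0
    quiet: int = 0

    def observe(self, flooded: bool) -> int:
        if flooded:
            self.quiet, self.hot = 0, self.hot + 1
            if self.hot >= ESCALATE_AFTER and self.level < max(LEVEL_CAP):
                self.level, self.hot = self.level + 1, 0
        else:
            self.hot, self.quiet = 0, self.quiet + 1
            if self.quiet >= RELAX_AFTER and self.level > 0:
                self.level, self.quiet = self.level - 1, 0
        return self.level


def enforce_window(packets, cap):
    """Fair-share limiter: the window's cap is split evenly across sources (a
    crude stand-in for CBQ/SFQ per-flow fairness), so a handful of heavy
    senders cannot starve many light ones. Returns (legit_passed, attack_passed)."""
    sources = {p.src for p in packets}
    budget = max(1, cap // len(sources)) if sources else 0
    used, passed = Counter(), Counter()
    for p in packets:
        if used[p.src] >= budget:
            continue                        # dropped by the limiter
        used[p.src] += 1
        passed[p.legit] += 1
    return passed[True], passed[False]


def simulate(packets, link_pps=LINK_PPS, window=WINDOW_SECONDS):
    """Run detection, escalation and enforcement window by window."""
    by_window = {}
    for p in packets:
        by_window.setdefault(int(p.t // window), []).append(p)
    flooded_windows = {w for w, _dst, _n in detect_floods(packets, window=window)}
    ctl, report = RateLimitController(), []
    for w in sorted(by_window):
        level = ctl.observe(w in flooded_windows)
        cap = round(link_pps * LEVEL_CAP[level])
        legit, attack = enforce_window(by_window[w], cap)
        report.append({"window": w, "flooded": w in flooded_windows, "level": level,
                       "legit_passed": legit, "attack_passed": attack})
    return report


def build_trace(n_windows=14, attack_windows=range(2, 8)):
    """Constructed trace: five legitimate clients at 10 pkts/window each, plus
    twenty bots at 30 pkts/window each during the attack windows."""
    pkts = []
    for w in range(n_windows):
        for c in range(5):
            pkts += [Packet(w + 0.001 * i, f"10.0.0.{c + 1}", VICTIM, True) for i in range(10)]
        if w in attack_windows:
            for b in range(20):
                pkts += [Packet(w + 0.001 * i, f"10.9.0.{b + 1}", VICTIM, False) for i in range(30)]
    return pkts


if __name__ == "__main__":
    for r in simulate(build_trace()):
        print(r)
```

Running it on the constructed trace shows the level climbing 0, 1, 2, 3 across the six flooded windows and stepping back down afterwards, and it also shows the cost the proposal's "main shortcomings" slide warns about: at the tightest level the per-source budget falls to one packet, so legitimate clients lose most of their traffic too. That number is what a test matrix for the response network would need to report alongside the attack traffic suppressed.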

Thesis Plan & Schedule

1. Requirement Analysis (February 1, 2002 – June 30, 2002)
   - Identify and understand the problem domain
   - Identify the problem
   - Evaluate possible prototypes
   - Define requirements
   - Present proposal and obtain official approval
2. Planning (May 25, 2002 – July 12, 2002)
   - Identify and obtain resources needed
   - Define thesis plan and schedule
3. Design (May 25, 2002 – July 12, 2002)
   - Design initial test-bed prototype and evaluate design effectiveness
   - Refine and finalize test-bed design
   - Refine A2D2 response system design
4. Implementation & Testing (May 30, 2002 – August 30, 2002)
   - Create initial prototype
   - Identify testing techniques before the attack network is created
   - Create attack network
   - Refine and create response network
   - Refine autonomous response
5. Project Closure (August 25, 2002 – September 25, 2002)
   - Present final data and obtain approval
   - Create all necessary documentation
   - Thesis defense

Thesis Deliverables

- The network test-bed: attack network + response network, resembling a real-life scenario
- The A2D2 response network
- Thesis report
- Software engineering analysis report

Questions? Suggestions?

References: please refer to the Proposal Document.

[Figure: A2D2 response-network sketch. Labels: Attack (three sources), 100 Mbps switch, CBQ multi-level rate limiting, Normal Output route, Access Real Server.]


Autonomous Anti-DDoS Network Security Testbed (A2D2) (New Proposed Testbed - V2)

Monday, July 29, 2002

[Testbed diagram, reconstructed from its labels]

Networks:
- Internet
- Public network 128.198.61 (NM 255.255.255.128, GW 128.198.61.1)
- Private subnet 192.168.0 (NM 255.255.0.0): Computer B, Computer C, Computer D
- DMZ behind a 100 Mbps switch: RealPlayer Server, labeled "Access Real Server" and "Normal Output route"

Hosts:
- Computer A: RealPlayer Client, on the Internet side
- Saturn (C1), Linux router: eth0 IP 128.198.61.11, NM 255.255.255.128, GW 128.198.61.1
- Pluto (C3), Linux router in front of the private subnet: eth0 IP 128.198.61.12, NM 255.255.255.128, GW 128.198.61.1; eth1 IP 192.168.0.1, NM 255.255.0.0, GW 128.198.61.12
- Titan (C2), Linux router running the iptables firewall and rate limiting, in front of the DMZ: eth0 IP 128.198.61.13, NM 255.255.255.128, GW 128.198.61.1; eth1 (DMZ side) IP 192.168.0.2, NM 255.255.0.0, GW 128.198.61.13

Detection and response (shown next to the DMZ):
- New flood detection patch
- Interface to enable autonomic response: detect an attack not filtered by the firewall and instruct the firewall to start multi-level rate limiting against that specific DDoS attack
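The "interface to enable autonomic response" above hands a rate-limit level to the iptables firewall on Titan, and the response-network sketch names CBQ as the queuing discipline. The following is an added example of what that hand-off could send, written here as Python that assembles the tc and iptables command lines; it is not the thesis's interface code. The interface name eth1, the 100 Mbit link figure, the class ids, the packet-mark values, the per-level rate fractions and the iptables match used to single out the attack flow (a UDP port, chosen arbitrarily) are all assumptions.

```python
"""Firewall side of the autonomic response: turn a rate-limit level into the
tc (CBQ) and iptables commands the detector would hand to the router.

Added example, not the thesis's interface code. Interface name, link speed,
class ids, mark values, level fractions and the attack match are assumed.
"""
import shlex
import subprocess

LINK_MBIT = 100                                      # 100 Mbps switch on the DMZ side
LEVEL_FRACTION = {0: 1.0, 1: 0.5, 2: 0.2, 3: 0.05}   # assumed per-level share
MARK_NORMAL, MARK_ATTACK = 1, 2                      # assumed packet marks


def rate_for_level(level, link_mbit=LINK_MBIT):
    """Bandwidth granted to the throttled class at a level, e.g. 2 -> '20Mbit'."""
    return f"{round(link_mbit * LEVEL_FRACTION[level])}Mbit"


def setup_commands(dev="eth1", victim="192.168.0.2", attack_match="-p udp --dport 7070"):
    """One-time setup: a CBQ tree with a normal-output class (1:10) and a
    throttled class (1:20). iptables marks every forwarded packet MARK_NORMAL
    and re-marks the attack flow MARK_ATTACK; tc's fw filters steer by mark."""
    bw = f"{LINK_MBIT}Mbit"
    cbq = f"cbq bandwidth {bw} allot 1514 avpkt 1000"
    return [
        f"tc qdisc add dev {dev} root handle 1: cbq bandwidth {bw} avpkt 1000 cell 8",
        f"tc class add dev {dev} parent 1: classid 1:1 {cbq} rate {bw} prio 8 bounded",
        f"tc class add dev {dev} parent 1:1 classid 1:10 {cbq} rate {bw} prio 1",
        f"tc class add dev {dev} parent 1:1 classid 1:20 {cbq} rate {rate_for_level(0)} prio 7 bounded",
        f"tc qdisc add dev {dev} parent 1:10 handle 10: sfq perturb 10",
        f"tc qdisc add dev {dev} parent 1:20 handle 20: sfq perturb 10",
        f"tc filter add dev {dev} parent 1: protocol ip prio 1 handle {MARK_ATTACK} fw classid 1:20",
        f"tc filter add dev {dev} parent 1: protocol ip prio 2 handle {MARK_NORMAL} fw classid 1:10",
        f"iptables -t mangle -A FORWARD -o {dev} -j MARK --set-mark {MARK_NORMAL}",
        f"iptables -t mangle -A FORWARD -o {dev} -d {victim} {attack_match} -j MARK --set-mark {MARK_ATTACK}",
    ]


def level_commands(level, dev="eth1"):
    """Issued by the detector each time the level changes: resize the
    throttled class in place; the normal-output class is never touched."""
    return [f"tc class change dev {dev} parent 1:1 classid 1:20 cbq bandwidth {LINK_MBIT}Mbit "
            f"allot 1514 avpkt 1000 rate {rate_for_level(level)} prio 7 bounded"]


def apply(commands, dry_run=True):
    """Run the commands on the firewall host (needs root and the tc/iptables
    binaries). With dry_run=True, the default here, nothing is executed and the
    list is returned so the caller can log what would be sent to the firewall."""
    for cmd in commands:
        if not dry_run:
            subprocess.run(shlex.split(cmd), check=True)
    return list(commands)


if __name__ == "__main__":
    for cmd in apply(setup_commands() + level_commands(2)):
        print(cmd)
```

Keeping the attack flow in its own bounded CBQ class is what lets the normal-output route keep its share of the 100 Mbps link while the limiter tightens: only class 1:20 is resized per level, so legitimate traffic that does not match the attack rule is never rate limited. CBQ is the discipline the proposal names; on a current kernel the same tree is usually built with HTB, with the same fw-mark filters.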