DWARD DDoS Network Attack Recognition and Defense详细的DDoS网络攻击识别和防御.ppt

D-WARD:DDoS Network Attack Recognition and Defense PhD Qualifying Exam Jelena Mirkovi? PhD Advisor: Peter Reiher 01/23/2002 Design and implement DDoS defense system located at source network autonomously detects and stops attacking flows does not affect legitimate flows Overview Problem Statement Related Work Desirable Characteristics D-WARD Thesis Goals Conclusion Timeline */39 */39 What is a DoS Attack? Problem Statement? Related Work ? Desirable Characteristics ? D-WARD ? Thesis Goals ? Conclusion */39 What is a DDoS Attack? */39 Problem Statement? Related Work ? Desirable Characteristics ? D-WARD ? Thesis Goals ? Conclusion DDoS Defense Problem Large number of unwitting participants No common characteristics of DDoS streams No administrative domain cooperation Automated tools Hidden identity of participants Persistent security holes on the Internet */39 Problem Statement? Related Work ? Desirable Characteristics ? D-WARD ? Thesis Goals ? Conclusion DDoS Prevention Compromise prevention security patches virus detection programs intrusion detection systems (IDS) High deployment cannot be enforced */39 Problem Statement? Related Work ? Desirable Characteristics ? D-WARD ? Thesis Goals ? Conclusion DDoS Defense SOURCE NETWORK INTERMEDIATE NETWORK VICTIM NETWORK */39 Problem Statement? Related Work ? Desirable Characteristics ? D-WARD ? Thesis Goals ? Conclusion Victim Network Intrusion Detection Systems On-off control approach Router monitoring tools (CISCO) + Victim can successfully detect the attack - Victim is helpless if: attack consists of legitimate packets or attack is of large volume */39 Problem Statement? Related Work ? Desirable Characteristics ? D-WARD ? Thesis Goals ? Conclusion Intermediate Network WATCHERS Traceback Pushback Spoofing prevention + Routers can effectively constrain/trace the attack - Possible performance degradation - Interdomain politics of isolation - Attack detection is hard - Communication has to be secur