SENSS - Internet2 · PDF fileOur solution: SENSS 3 • Fully software solution –easy...

Post on 05-Feb-2018

240 views 0 download

Preview:

Click to see full reader
Report this document
SHARE

Transcript of SENSS - Internet2 · PDF fileOur solution: SENSS 3 • Fully software solution –easy...

1

SENSSSecurityServicefortheInternet

JelenaMirkovic(USC/ISI),Minlan Yu(USC),YingZhang(HPLabs),Sivaram Ramanathan (USC)

DDoS Attacks:LargeandPowerful

• DDoS attacksareincreasinginvolumeandfrequency(newrecord1.2Tbps)

• Disproportionatepowerinhandsofattacker– Attacksthatbringdownlarge,wellprovisionedvictimsoftenwieldedbyasinglepersonorsmallgroup(Spamhouse,Dyn,OVHandKrebs)

– Nospecialexperienceorcircumstance– Cheapforattacker,veryexpensiveforthevictim

• Enabledbylarge,distributedbotnets– Nosingleentity(centralizedordistributed)canwithstandthis,distributeddefensesamust

2

Oursolution:SENSS

3

• Fullysoftwaresolution– easytodeploy• EnablesanyISPtoofferautomated servicesfor

DDoS diagnosisandmitigation- Naturallydistributed,secure,robusttomisbehavior- WorkswithexistingISPinfrastructure(SDN,Flowspec,Netflow)

• VictimqueriesitsownISPorremoteISPs- Aboutitsinboundtraffic,routestoitsprefixes- Thishelpsdetectbestpointsformitigation

• VictimasksselectISPsto:- Filtersomeofitsinboundtraffic(victimspecifiesheadersignature)

- Demotearoutethatmaycontainabottleneck

SENSSModules

4

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

ST

client

clientserver

server

server

server

detector

detectorproxyblacklist aggregator

4

SENSSAPIsatISPs

• ExposedasWebservices– Leverageexistingfunctionalitiesforrobustness(replication),

security(HTTPS),charging(e-commerce)

• Messageauthentication:Proofofauthorityforaprefix– E.g.,RPKI,aDBofknowncustomers,prefixesandpublickeys

• TLSforcommunicationsecurity

5

Type Fields Action/ReplyTrafficquery Flow,dir,obs_time Listof<tag,dir,volume>

Trafficfilter/allow Flow,dir,tag,duration Deployfilter/allowactions

Routequery Prefix List ofbestpathstoprefix

Routedemote Prefix,segment,duration Demoterouteswithgivensegment

HowCanYouHelp?• Deployapassivemodule:

– Detector– learnhowoftenyouexperienceDDoS orparticipateinit

– Blacklistaggregator– getourfeedofsuspiciousprefixes• Deployanactivemodule:

– Server– automatefilterruledeploymentinmultipleswitches– Client+Detector– leverageyourISP’sDDoS solutionandtriggeritautomatically

• Lookingfor:– Experiencesfromtrenches,whatdoyoudonowforDoS?– One-timefeedbackonneeds,deployability,concerns– 1h/monthongoingfeedbackfromopsworld– Sitestopilotoursolutions

6

Contactussunshine@isi.edu

http://steel.isi.edu/Projects/SENSS/

Jelena Mirkovic Minlan Yu Ying Zhang SivaramRamanathan

Top related

SENSS Against Volumetric DDoS Attacks - ISI
 Documents
Bunker fuel metering systems Our certified solution ... · PDF fileOur certified solution creates maximum transparency ... by tank stripping and the “cappuccino effect”. ... Singapore.
 Documents
South East Network for Social Sciences (SeNSS) Doctoral Web viewSouth East Network for Social Sciences (SeNSS) Doctoral Training Partnership ESRC-Funded Studentship Application Form
 Documents
SENSS: Software-defined Security Service · – In Q1 2014: 47% increase in total DDoS attacks. – Attack size more than 300Gbps. • Network attacks are more damaging – 71% of
 Documents
Specialty€Gases €€€€€€€€€€€€€€€€€€€€€€€€€€ from Messer fileOur program„made for your success“ From Acetylene to Xenon, the
 Documents
300-206 - · PDF file300-206 Cisco Implementing Cisco Edge Network Security€Solutions (SENSS) OfficialCerts.com is a reputable IT certification examination guide, study guides and
 Documents
SENSS Virtual Conference - SOAS University of London
 Documents
Sample Research Defenses Packetscore Pushback Traceback SOS Proof-of-work systems Human behavior modeling SENSS.
 Documents
OUR COMMITMENT - G Tech Marine Inc. · PDF fileOUR COMMITMENT BUILDING XCITEMENT ... Welding it was the solution which became the cornerstone of an industry often imitated, ... ack
 Documents
 · Cisco SENSS 1.0 Implementing Cisco Edge Network Security Solutions Instructor: Graham Tuthill London 8th June 2015
 Documents
Cisco Certifications Career Path · Cisco Edge Network Security Solutions (SENSS), lmplementrng Cisco Threat Control Solutions (SITCS), Implementing Cisco Secure Access Solutions
 Documents
if you are not part of the solution, you are part of the ... · PDF fileOur great system of self- ... for living Christ-centered lives, ... step to good citizenship. PRAY daily that
 Documents
FORMATIONS OFFICIELLES CISCO - flane.fr · 5 3 770 € 47 300-206 SENSS CCNP Security SIMOS ... Prix HT (€) CLC N°Examen Certification CPF . ... CCIE Security Exam 400-251 CCIE
 Documents
SeNSS Supervisor-led Collaborative Studentship Competition ... · during the competition for that project, an award will be made to that candidate to ... competition process. However,
 Documents
mappa/map - · PDF fileour new museum treet art mappa/map oma uo nuovo museo
 Documents
Web viewResources such as word banks, coloured overlays, writing frames and task frames are used to increase confidence and enable children to become independent learners. ... SENSS
 Documents
pages.shanti.virginia.edupages.shanti.virginia.edu/engagedlearning/files/2011/05/Types-of...êO!NêS le pe]êlunooue senss! uo peseq letlffiO( e svaepms .saouauadxa ê0!rues 01 'S6U!PUlJ
 Documents
senss Wi cht af erleben - thuenen.de
 Documents
Wokinghan SENSS Dec 2014 - defaultgateway.co.uk€¦Implementing Cisco Edge Network Security Solutions SENSS Instructor: Graham Tuthill ... Complete Lab 22 by 9:00 UK time. Wokinghan
 Documents
SENSS Oct 2015 London - Default · PDF fileSENSS_Oct_2015_London 5 October 23, 2015 Laszlo Ahmed Rob Gavin Jordan Nabila Paul Mebs Mads SENSS4 SENSS1 SENSS2 SENSS3 Imran Emma SENSS6
 Documents

Copyright © 2022 FDOCUMENTS