SENSS - Internet2
SENSS Security Service for the Internet
Jelena Mirkovic (USC/ISI), Minlan Yu (USC), Ying Zhang (HP Labs), Sivaram Ramanathan (USC)
DDoS Attacks: Large and Powerful
• DDoS attacks are increasing in volume and frequency (new record 1.2 Tbps)
• Disproportionate power in hands of attacker
  – Attacks that bring down large, well-provisioned victims often wielded by a single person or small group (Spamhaus, Dyn, OVH and Krebs)
  – No special experience or circumstance
  – Cheap for attacker, very expensive for the victim
• Enabled by large, distributed botnets
  – No single entity (centralized or distributed) can withstand this, distributed defenses a must
Our solution: SENSS
• Fully software solution – easy to deploy
• Enables any ISP to offer automated services for DDoS diagnosis and mitigation
  - Naturally distributed, secure, robust to misbehavior
  - Works with existing ISP infrastructure (SDN, Flowspec, Netflow)
• Victim queries its own ISP or remote ISPs
  - About its inbound traffic, routes to its prefixes
  - This helps detect best points for mitigation
• Victim asks select ISPs to:
  - Filter some of its inbound traffic (victim specifies header signature)
  - Demote a route that may contain a bottleneck
SENSS Modules
[Figure: network topology with nodes A through T, labeled with the SENSS modules client, server, detector, proxy and blacklist aggregator]
SENSS APIs at ISPs
• Exposed as Web services
  – Leverage existing functionalities for robustness (replication), security (HTTPS), charging (e-commerce)
• Message authentication: Proof of authority for a prefix
  – E.g., RPKI, a DB of known customers, prefixes and public keys
• TLS for communication security

| Type | Fields | Action/Reply |
|---|---|---|
| Traffic query | Flow, dir, obs_time | List of <tag, dir, volume> |
| Traffic filter/allow | Flow, dir, tag, duration | Deploy filter/allow actions |
| Route query | Prefix | List of best paths to prefix |
| Route demote | Prefix, segment, duration | Demote routes with given segment |
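
An added example, not code from the SENSS project: a sketch of how an ISP-side server could apply the "proof of authority for a prefix" rule to a traffic filter request before deploying it. The field names flow, dir and duration come from the table above; the flow layout (a "dst" prefix), the "in" value for dir, the customer DB contents and the duration cap are assumptions.

```python
import ipaddress

# Constructed sample of the "DB of known customers, prefixes" from the slide.
CUSTOMER_PREFIXES = {
    "victim-net": ["203.0.113.0/24", "2001:db8:10::/48"],
    "other-net": ["198.51.100.0/24"],
}
MAX_DURATION_S = 3600  # assumed policy cap on filter lifetime


def owns(customer, prefix):
    """True if `prefix` lies inside a prefix registered to `customer`."""
    target = ipaddress.ip_network(prefix, strict=False)
    for held in CUSTOMER_PREFIXES.get(customer, []):
        held_net = ipaddress.ip_network(held)
        # subnet_of() raises TypeError across IP versions, so compare first.
        if held_net.version == target.version and target.subnet_of(held_net):
            return True
    return False


def authorize_filter(customer, request):
    """Return (allowed, reason) for a traffic filter request.

    `customer` is assumed to be already authenticated (for example by a
    signature checked against the public key registered for it).
    """
    flow = request.get("flow")
    if not isinstance(flow, dict) or not isinstance(flow.get("dst"), str):
        return False, "flow has no destination prefix"
    if request.get("dir") != "in":  # "in" is an assumed encoding of dir
        return False, "only the requester's inbound traffic may be filtered"
    try:
        if not owns(customer, flow["dst"]):
            return False, "no authority over destination prefix"
    except ValueError:
        return False, "malformed destination prefix"
    duration = request.get("duration")
    if type(duration) is not int or not 0 < duration <= MAX_DURATION_S:
        return False, "duration missing or outside allowed range"
    return True, "ok"
```

A request naming a covering prefix (a /16 around the customer's /24) is rejected, since authority over a prefix does not extend to the address space around it.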
How Can You Help?
• Deploy a passive module:
  – Detector – learn how often you experience DDoS or participate in it
  – Blacklist aggregator – get our feed of suspicious prefixes
• Deploy an active module:
  – Server – automate filter rule deployment in multiple switches
  – Client + Detector – leverage your ISP’s DDoS solution and trigger it automatically
• Looking for:
  – Experiences from trenches, what do you do now for DoS?
  – One-time feedback on needs, deployability, concerns
  – 1h/month ongoing feedback from ops world
  – Sites to pilot our solutions
http://steel.isi.edu/Projects/SENSS/
Jelena Mirkovic, Minlan Yu, Ying Zhang, Sivaram Ramanathan