Thesis Direction Introduction Presented by: Henrry, C.Y. Chiang (江政祐)
Today’s Agenda
1. Background
2. Motivation
3. Problem Description
4. Problem Formulation
   • Assumptions
   • Given Parameters
   • Objective function and Constraints
   • Decision Variables
1. Background
• Distributed Denial-of-Service (DDoS) attacks have become a major problem in the Internet today.
• In one form of a DDoS attack, a large number of compromised hosts send unwanted traffic to exhaust the victim’s resources and prevent it from serving legitimate users.
• One of the main mechanisms proposed to deal with DDoS is filtering, which allows routers to selectively block unwanted traffic.
2. Motivation
The proposed filtering mechanism to defend against distributed denial-of-service (DDoS) attacks:
• seldom considers the capability of the filter, the capability of the router, and multiple (backup) servers under DDoS attacks.
• cannot guarantee that 100% of legitimate traffic will not be mistakenly discarded.
• has to consider the percentage of the total attack traffic filtered after filters have been allocated.
3. Problem Description
[Figures: Fig 1. initial network topology; Fig 2. network topology with only good user traffic; Fig 3. network topology with both good user traffic and attacker traffic; Fig 4. network topology with filters installed]
Legend: S = server, G = good user, Z = zombie, A = attacker; symbols for router and filter; line styles for good user traffic, attacker traffic, and aggregate (good user and attacker) traffic.
4. Problem Formulation - Assumptions (Attacker)
Assumptions
1. There are multiple servers to be considered by the attacker.
2. The attacker has a number of compromised hosts (zombies).
3. The attacker can decide which entry node and destination node to pass the zombie’s traffic.
4. The routing policy for the zombie’s traffic will be decided by the autonomous system (AS).
5. The objective of the attacker, who is outside the AS, is to minimize the total legitimate traffic after filters have been allocated.
4. Problem Formulation - Assumptions (Defender)
Assumptions
6. There are a number of legitimate users sending traffic to multiple servers considered by the attacker.
7. The routing policy for the legitimate traffic will be decided by the AS.
8. The network administrator (defender) can allocate filters to routers to maximize the total legitimate traffic after filters have been allocated.
9. The cost to allocate a filter to a router is decided by the capability of the filter.
4. Problem Formulation - Assumptions (Defender)
Assumptions
10. A filter must have a certain capability in order to filter a certain number of zombies’ traffic (connections or volume?).
11. A router must have a certain capability in order for a filter to be allocated on it.
12. Both the attacker and the network administrator have complete information about the AS (each other?).
4. Problem Formulation - Given Parameters
Given
1. The network topology
2. The number of servers to be considered by the attacker
3. The number of compromised hosts (zombies)
   3.1 The capability of each zombie
4. The number of legitimate users sending traffic to the number of servers considered by the attacker
5. The total budget (cost) of the network administrator (defender)
6. The cost to allocate a filter with the certain capability
7. The capability of each router within the AS
8. The routing policy of the AS
4. Problem Formulation - Objective function and Constraints
Objective
• To maximize the minimized total legitimate traffic
Subject to
1. The number of compromised hosts (zombies)
   1.1 The capability of each zombie
2. The percentage of the total attack traffic which must be filtered after filters have been allocated
3. The total budget (cost) of the network administrator (defender)
4. The number of zombies’ traffic that a filter with the certain capability can filter
5. The capability of each router within the AS
4. Problem Formulation - Decision Variables
To determine
• Defender:
   • The budget (filters) allocation strategy
• Attacker:
   1. The volume of the traffic that each compromised host (zombie) sends
   2. The destination node that each compromised host (zombie) sends traffic to
   3. The entry node that each compromised host (zombie) sends traffic to pass
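The max-min formulation above, worked by brute force on a small instance. This is an added example, not part of the original slides. The topology, volumes, costs, the false-positive rate, the flow-count filter capability and the proportional-share server model are all constructed assumptions, and the "percentage of attack traffic filtered" constraint is left out.

```python
from itertools import combinations, product

# Constructed toy instance: every name and number here is an assumption.
PATH = {("R1", "S1"): ["R1", "R3"], ("R1", "S2"): ["R1", "R4"],   # AS routing policy:
        ("R2", "S1"): ["R2", "R3"], ("R2", "S2"): ["R2", "R4"]}   # (entry, server) -> routers
SERVER_CAP = {"S1": 10.0, "S2": 10.0}
GOOD = [("R1", "S1", 4.0), ("R2", "S1", 2.0), ("R2", "S2", 6.0)]  # (entry, server, volume)
ZOMBIE_CAP = [12.0, 8.0]      # capability (max send rate) of each zombie
FILTER_COST = {"R1": 3, "R2": 3, "R3": 4, "R4": 4}  # routers capable of hosting a filter
FILTER_FLOWS = 1              # zombie flows one filter can block
FALSE_POS = 0.1               # share of good traffic a filter wrongly discards
BUDGET = 7

def legit_delivered(filters, attack):
    """Good-user traffic reaching the servers for one (defence, attack) pair."""
    load = dict.fromkeys(SERVER_CAP, 0.0)
    good = dict.fromkeys(SERVER_CAP, 0.0)
    slots = dict.fromkeys(filters, FILTER_FLOWS)
    # Largest zombie flows are blocked first, at the first filter with a free slot.
    for entry, dst, vol in sorted(attack, key=lambda f: -f[2]):
        hit = next((r for r in PATH[entry, dst] if slots.get(r, 0) > 0), None)
        if hit is None:
            load[dst] += vol
        else:
            slots[hit] -= 1
    for entry, dst, vol in GOOD:
        # Each filter on the path mistakenly discards some good traffic.
        vol *= (1 - FALSE_POS) ** sum(r in filters for r in PATH[entry, dst])
        good[dst] += vol
        load[dst] += vol
    # An overloaded server serves good and attack traffic in proportion.
    return sum(g * min(1.0, SERVER_CAP[s] / load[s]) for s, g in good.items() if g)

def attacks():  # attacker decisions per zombie: entry, destination, half or full volume
    return product(*[[(e, s, v) for e, s in PATH for v in (cap / 2, cap)]
                     for cap in ZOMBIE_CAP])

def defences():  # every filter placement whose total cost fits the budget
    routers = sorted(FILTER_COST)
    for k in range(len(routers) + 1):
        for combo in combinations(routers, k):
            if sum(FILTER_COST[r] for r in combo) <= BUDGET:
                yield frozenset(combo)

def worst_case(filters):
    return min(legit_delivered(filters, a) for a in attacks())

def solve():
    best = max(defences(), key=lambda f: (worst_case(f), -len(f)))
    return sorted(best), round(worst_case(best), 3)
```

On this instance a single entry-router filter scores below having no filter at all, because the attacker routes around it while good traffic still pays the false-positive cost; covering both entry routers is the max-min placement.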
The End - It’s my greatest honor to have your attention.