DATE: Thursday, January 28, 2016
TIME: 12:00 pm - 1:00 pm
PLACE: RMCIC 4th Floor Panther Hollow Room
SPEAKER: Min Suk Kang, CMU
TITLE: Non-traditional DDoS Attacks Against the Internet Infrastructure: Attack Strategies, Exploitable Vulnerabilities, and Potential Defenses
ABSTRACT:
Today's Internet has serious security problems. Of particular concern are distributed denial-of-service (DDoS) attacks, which coordinate large numbers of compromised machines to make a service unavailable to other users. DDoS attacks are a constant security threat with over 20,000 DDoS attacks occurring globally every day. They cause tremendous damage to businesses and have catastrophic consequences for national security. In particular, over the past few years, adversaries have started to turn their attention from traditional targets (e.g., end-point servers) to non-traditional ones (e.g., ISP backbone links) to cause much larger attack impact.
In this presentation, I review recent results regarding non-traditional DDoS attacks and potential defense mechanisms. First, I review a non-traditional type of link-flooding attack, called the Crossfire attack, which targets and floods a set of network links in core Internet infrastructure, such as backbone links in large ISP networks. Using Internet-scale measurements and simulations, I show that the attack can cause huge connectivity losses to cities, states, or even countries for hours or even days. Second, I introduce the notion of the routing bottlenecks, or small sets of network links that carry the vast majority of Internet routes, and show that it is a fundamental property of Internet design; i.e., it is a consequence of route-cost minimizations. I also illustrate the pervasiveness of routing bottlenecks around the world, and measure their susceptibility to the Crossfire attack. Finally, I explore the possibility of building a practical defense mechanism that effectively removes the advantages of DDoS adversaries and deters them from launching attacks. The proposed defense mechanism utilizes a software-defined networking (SDN) architecture to protect large ISP networks from non-traditional DDoS attacks.
BIO:
Min Suk Kang is a Ph.D. candidate in Electrical and Computer Engineering (ECE) at Carnegie Mellon University. He is advised by Virgil D. Gligor in CyLab. Before he joined Carnegie Mellon, he worked as a researcher as part of Korean military duty at the Department of Information Technology at KAIST Institute. He received B.S. and M.S. degrees in Electrical Engineering and Computer Science (EECS) at Korea Advanced Institute of Science and Technology (KAIST) in 2006 and 2008, respectively. His research interests include network and distributed system security, wireless network security, and Internet user privacy.
SDI / ISTC SEMINAR QUESTIONS?
Karen Lindenfelser, 86716, or visit www.pdl.cmu.edu/SDI/