Non-traditional DDoS Attacks and Defenses

Speaker:        Min Suk Kang
                Carnegie Mellon University

Title:          "Non-traditional DDoS Attacks and Defenses"

Date:           Monday, 29 February, 2016

Time:           4:00pm - 5:00pm

Venue:          Lecture Theater F (near lifts 25 & 26), HKUST

Abstract:

Today's Internet has serious security problems. Of particular concern are
distributed denial-of-service (DDoS) attacks, which coordinate large
numbers of compromised machines to make a service unavailable to other
users. DDoS attacks are a constant security threat with over 20,000 DDoS
attacks occurring globally every day. They cause tremendous damage to
businesses and have catastrophic consequences for national security. In
particular, over the past few years, adversaries have started to turn
their attention from traditional targets (e.g., end-point servers) to
non-traditional ones (e.g., ISP backbone links) to cause much larger
attack impact.

In this presentation, I will review recent results regarding
non-traditional DDoS attacks and potential defense mechanisms. First, I
will review a non-traditional type of link-flooding attack, called the
Crossfire attack, which targets and floods a set of network links in core
Internet infrastructure, such as backbone links in large ISP networks.
Using Internet-scale measurements and simulations, I will show that the
attack can cause huge connectivity losses to cities, states, or even
countries for hours or even days. Second, I will introduce the notion of
routing bottlenecks, or small sets of network links that carry the
vast majority of Internet routes, and show that it is a fundamental
property of Internet design; i.e., it is a consequence of route-cost
minimizations. I will also illustrate the pervasiveness of routing
bottlenecks around the world, and measure their susceptibility to the
Crossfire attack. Finally, I will explore the possibility of building a
practical defense mechanism that effectively removes the advantages of
DDoS adversaries and deters them from launching attacks. The proposed
defense mechanism utilizes a software-defined networking (SDN)
architecture to protect large ISP networks from non-traditional DDoS
attacks.


******************
Biography:

Min Suk Kang is a Ph.D. candidate in Electrical and Computer Engineering
(ECE) at Carnegie Mellon University. He is advised by Virgil D. Gligor in
CyLab. Before he joined Carnegie Mellon, he worked as a researcher as part
of Korean military duty at the Department of Information Technology at
KAIST Institute. He received B.S. and M.S. degrees in Electrical
Engineering and Computer Science (EECS) at Korea Advanced Institute of
Science and Technology (KAIST) in 2006 and 2008, respectively. His
research interests include network and distributed system security,
wireless network security, and Internet user privacy.